Re: Back to security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



jekillen wrote:
For what it is worth, I am only aware of one drawback to https with
respect to how requests are handled that makes it difficult to use
with virtual hosting. I am a little hazy  on how it works but when
https is used only the ip address of the request is available to the
server before the rest of the request is decrypted.
I might be able to shed a little more light on that point...It's pretty simple actually...

The client establishes an SSL connection with the server. That involves verifying the identity of the server (via a signed certificate). This is all done prior to the client sending the HTTP Host header. So you have a chicken and egg problem:

You want to tell the server what virtual host you want via a header, but that requires a connection first. However, the server needs to tell you who it is before you can even connect.

End result? Only one domain per vhost. :-)

jon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux