At 3:47 PM +0100 2/26/08, Per Jessen wrote:
tedd wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something else?
Please explain.
You might want to do such checks if your website (www.example.com) is
accessible over http and https both. Typically you'll have separate
content, but it might be possible for a user to accidentally access
non-secure content over https which is just wasteful, or vice versa
which is clearly a security risk.
Let's take this scenario.
I have a site that has http and https directories with the https
having a certificate.
I want to sell stuff.
I offer the items for review in the http directories.
Then a user wants to purchase something and I direct them to a unique
script in the https directory and that script takes their sensitive
data and finalizes the sale. What's wrong with that?
Why would I also want to check if "that a page is accessed only via a
secure connection?"
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
