On Tue, Feb 26, 2008 at 11:54 AM, tedd <tedd.sperling@xxxxxxxxx> wrote:
> At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
> >On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
>
> > > Am I misunderstanding you somewhere?
> >
> >I don't think you are. I think Ted has been doing it the hard way... but
> >the lightbulb may have just gone on :)
> >
> >Cheers,
> >Rob.
>
> It's flickering -- sorry to be so dim.
>
> At present, I use the actual directories (http/https) to determine if
> the operation of the script is secure or not.
>
> For scripts that don't collect sensitive date, I physically place in
> the http directory. For scripts that do, I place in the https
> directory.
>
> That's the hard way, right?
>
> Instead, I could place all my scripts where I want and then add
>
> <?php
> if(!isset($_SERVER['HTTPS']) ) {
>
> $url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
> $_SERVER['SERVER_NAME'];
> header("Location:
> https://".$url.$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']);
> exit;
> }
> ?>
>
> at the beginning of each secure script -- is that correct?
>
> But the redirect still requires a script to be in the https
> directory, does it not?
>
No, it doesn't. Any of your scripts can be in any folder you wish. All
the redirect does is add the 's' to the http protocol at the beginning
of the URL so that the browser knows to encrypt any data it sends and
decrypt any data it receives. I guess you could probably configure
your server so that all content served from your https directory must
use SSL, but then you are just moving the check from PHP to the web
server.
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
