Re: checking for and enforcing https


 



Andrew Ballard wrote:
> On Tue, Feb 26, 2008 at 11:54 AM, tedd <tedd.sperling@xxxxxxxxx> wrote:
>> At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
>>  >On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
>>
>>>  > Am I misunderstanding you somewhere?
>>  >
>>  >I don't think you are. I think Ted has been doing it the hard way... but
>>  >the lightbulb may have just gone on :)
>>  >
>>  >Cheers,
>>  >Rob.
>>
>>  It's flickering -- sorry to be so dim.
>>
>>  At present, I use the actual directories (http/https) to determine if
>>  the operation of the script is secure or not.
>>
>>  For scripts that don't collect sensitive data, I physically place in
>>  the http directory. For scripts that do, I place in the https
>>  directory.
>>
>>  That's the hard way, right?
>>
>>  Instead, I could place all my scripts where I want and then add
>>
>>  <?php
>>      if(!isset($_SERVER['HTTPS']) ) {
>>
>>          $url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
>>          header("Location: https://".$url.$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']);
>>          exit;
>>      }
>>  ?>
>>
>>  at the beginning of each secure script -- is that correct?
>>
>>  But the redirect still requires a script to be in the https
>>  directory, does it not?
>>
> 
> No, it doesn't. Any of your scripts can be in any folder you wish. All
> the redirect does is add the 's' to the http protocol at the beginning
> of the URL so that the browser knows to encrypt any data it sends and
> decrypt any data it receives. I guess you could probably configure
> your server so that all content served from your https directory must
> use SSL, but then you are just moving the check from PHP to the web
> server.
> 
> Andrew

When most people talk about a http and https directory, they are most
likely talking about the common convention in shared hosting especially
on Apache where your account will have a httpdocs/ and a httpsdocs/
directory or similar.  Apache sets the docroot depending upon what
protocol is used http or https.  It seems fairly common.

In some control panels you have the option of serving secure and
non-secure content from the same directory.  Then you would need to
enforce this yourself within the script or rewrite rule, etc...

-Shawn

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
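
An added example, not part of the original thread or any poster's code: one way to enforce HTTPS from within a script when secure and non-secure content share a directory. `CANONICAL_HOST`, the function names and `www.example.com` are assumptions for illustration, and the check assumes TLS terminates on the web server itself rather than on a proxy in front of it.

```php
<?php
// Added example. CANONICAL_HOST is an assumed site-specific constant and
// www.example.com is a placeholder; set it to the site's real host name.
const CANONICAL_HOST = 'www.example.com';

/** True when the request described by $server arrived over TLS. */
function request_is_https(array $server): bool
{
    // Some servers (IIS) set HTTPS to "off" on plain requests, so
    // isset() alone would treat those requests as secure.
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }
    return (int)($server['SERVER_PORT'] ?? 0) === 443;
}

/** Build the https:// URL that corresponds to the current request. */
function https_redirect_target(array $server, string $host): string
{
    // REQUEST_URI already contains the path and the query string.
    $uri = (string)($server['REQUEST_URI'] ?? '/');
    // Fall back to "/" if the value holds control characters (CR/LF would
    // split the header) or is not a local absolute path.
    if ($uri === '' || $uri[0] !== '/' || preg_match('/[\x00-\x1F\x7F]/', $uri)) {
        $uri = '/';
    }
    // The host comes from configuration, not from the client-supplied
    // Host header, so the redirect cannot point at another site.
    return 'https://' . $host . $uri;
}

/** Redirect plain-HTTP requests to HTTPS and stop the script. */
function enforce_https(): void
{
    if (request_is_https($_SERVER)) {
        return;
    }
    header('Location: ' . https_redirect_target($_SERVER, CANONICAL_HOST), true, 301);
    exit;
}

// Call at the top of each script that must be secure, before any output.
enforce_https();
```

A redirect only protects later requests: anything the browser sent in the plain-HTTP request, such as a submitted form, has already crossed the network unencrypted, so forms that collect sensitive data should themselves be served from and posted to https URLs.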

