Posted by Erwin Moller on 11/07/06 14:02
Tom wrote:
> Thanks for the suggestion. As a matter of fact, after some quiet
> reflection away from the computer, that's what I ended up doing and
> just added an argument to the function I use that allows the value to
> be hardcoded, something like this:
>
> php_guard_page($min_access_level=1, $action_field='dynamic')
>
> The session-loss, as you anticipated, is the bigger issue I now
> confront. This is part of a framework I use for multiple projects
> which is the reason why I hesitated at something like hard-coding a
> url. In any event, the idea is: a visitor can browse around open
> non-restricted parts of the site then when they want to look at a
> restricted page -- bam! hit them with the login form. In this
> particular instance, I wanted to run the login through my host's shared
> SSL -- which is on a different domain.
>
> Two questions:
>
Hi
> 1. Is this necessary? Is using an unencrypted login form a significant
> risk? What are the risks?
The biggest risk of using unencrypted login is simple: eavesdropping.
If somebody taps into the network traffic (something that can happen anywhere
between the two IP addresses), he can see the username and password in the
IP-packages. Simple as that, just in plaintext.
How big this risk is, is completely beyond my knowledge.
>
> 2. Is this possible? I quickly came to realize that I wasn't
> understanding how the shared SSL certificate functions. I was thinking
> of it simply as kind of an extra layer of security being put on top of
> my scripts. Any recommendation on how to best implement secure logins
> with PHP using a shared certificate in this manner?
No, sorry, not my area of expertise. :-/
>
> Links to good articles on the subject are welcome.
Tom, I think you might get luckier with help on using and implementing HTTPS
in an Apache newsgroup.
I am sure a few in here know how to do it, but it is a little off topic in
this ng. So if you need help quickly, go there.
If you hit a roof with session loss between your servers, come back here.
With that we can possibly help. :-)
Regards,
Erwin Moller
>
> Thanks,
> Tom
>
>