uniflare Posted March 18, 2008 Share Posted March 18, 2008 I have SSL Running already fine, i go to my script it runs perfect... My question is: Are there any special requirments for using SSL with php? at the moment i'm assuming by just calling the url with https is secure enough for credit card information, am i correct? or are there certain pieces of code that need tweaking for security? Not using globals, using mysql_escape_string on all mysql-related user input, and htmlentities on all displayable user-inputed data. thanks for your help in advance Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted March 18, 2008 Share Posted March 18, 2008 it's the same but with https. Quote Link to comment Share on other sites More sharing options...
uniflare Posted March 18, 2008 Author Share Posted March 18, 2008 thats what i thought, cheers, i only asked because on some shopping cart scripts they sell different packages and the cheaper ones say they don't support HTTPS or similar and charge for SSL Secure Shopping Scripts... Can they justify this? or does it mean something else i'm not thinking of? one example: http://www.shop-script.com/compare-shopping-cart-software.html ; where it says "Secure checkout (SSL)" under "Shopping cart & Ordering" thanks Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted March 18, 2008 Share Posted March 18, 2008 hm, don't know what that's about. all i can think of is that they disabled it on purpose, perhaps checking for a secure connection and redirecting to an insecure connection if necessary. i've never had to do anything for my PHP code except maybe the reverse: if the user takes the s out of https, put it back in on a redirect. Quote Link to comment Share on other sites More sharing options...
Caesar Posted March 18, 2008 Share Posted March 18, 2008 When they say they support SSL, they mean, secure paths can be integrated in their settings so that the shop goes through the secure connection when a user proceeds to a certain point in checkout (Rather than simply running under HTTPS). You also want to make sure your server/host allows both incoming/outgoing connections on port 443 (If you plan on using a payment gateway. In other words...steer clear of crap hosts like GoDaddy). Quote Link to comment Share on other sites More sharing options...
uniflare Posted March 19, 2008 Author Share Posted March 19, 2008 Thanks Caesar & BlueSky, are you talking about stuff like paypal-type SSL Transactions etc using headers? --- also can anyone reccomend a good tut on building a verisign payment module class or similar? (i want to create one my self, so i dont have to pay to get rid of the copyright on the script). thanks all Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.