dcsimg
Results 1 to 5 of 5

Thread: New To HTTPS Programming

Hybrid View

  1. #1

    Thread Starter
    Addicted Member
    Join Date
    Feb 2010
    Location
    Damascus - Syria
    Posts
    145

    New To HTTPS Programming

    Hi friends

    most of projects I have done was running locally, some of them went online. Now I have to make a new application but they want to install a certificate and encrypt data using SSL.

    Is there special things I have to take in mind, whether they want the login pages secured only or whole pages.

    Thank you

  2. #2

    Thread Starter
    Addicted Member
    Join Date
    Feb 2010
    Location
    Damascus - Syria
    Posts
    145

    Re: New To HTTPS Programming

    Hey guys

  3. #3
    Addicted Member Pc Monk's Avatar
    Join Date
    Feb 2010
    Posts
    188

    Re: New To HTTPS Programming

    Hi,
    sites that are not with high rate of possible attacks , doesnt need to have the whole pages to come with ssl , some do like paypal , if your customer just having a site like an ads site , my opinion is just use https only for those pages that are important such as login page , i guess you know already that using ssl will take a little bit longer for the site to comes up and those sites that has enough things to load the ssl is the last thing that you wanna add in it, although some people got some fast internet that wouldnt mind , but you have to always think about the worst case.

  4. #4
    Frenzied Member TheBigB's Avatar
    Join Date
    Mar 2006
    Location
    *Stack Trace*
    Posts
    1,511

    Re: New To HTTPS Programming

    Hi fjober,

    Is there any reason they only want to use SSL on specific pages? If the reason is CPU load, I can tell you that nowadays the performance hit is minimal for SSL. When you don't use SSL across the entire website, session hijacking is as easy as pie.

    Also something to consider is the configuration of the web server. Some hosts have separate directories for server HTTP and HTTPS traffic, while others route both to a single directory.

    On the side of HTML, JS and CSS you need to make sure the resources are loaded through HTTPS if you're on a HTTPS page, otherwise browsers will tell you that you have insecure content on a secure page. The easiest way to make sure this happens, is to use "//mysite.com/myresources.js" instead of "http://mysite.com/myresources.js" or "https://mysite.com/myresources.js". Your browser will automatically select the proper channel in that case.
    Delete it. They just clutter threads anyway.

  5. #5

    Thread Starter
    Addicted Member
    Join Date
    Feb 2010
    Location
    Damascus - Syria
    Posts
    145

    Re: New To HTTPS Programming

    mmm

    Thanks guys

    now I understand that I should design and program my application as usual, then install the certificate (which is a single txt file) in cPanel and everything would be fine ^_^

    Thanks

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width