Site security

Discussions about server security -- questions and answeres

Moderators: egami, macek, gesf

Post Reply
User avatar
tradelnet
New php-forum User
New php-forum User
Posts: 9
Joined: Fri Sep 09, 2005 9:35 am
Location: Spain
Contact:

Tue Oct 18, 2005 8:04 am

I need to build a site in PHP with the maximum allowed security.
I know how to manage sessions, security problems regarding $_GLOBALS variables (commented in php.net) and so on, but I don't know if it is enough.
I don't find in php.net (neither in google) anything about https:// (secure http) in PHP.
Does PHP allow it?
How can I learn about it?
I guess this is the correct forum to make this post.

Thanks in advance.

User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2213
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Tue Oct 18, 2005 11:11 am

its Apache that has to allow it, not php: php will work with anything..
you simply need to enable mod_ssl and have an SSL certficate to be able to run in HTTPS mode..
Best Regards,
Alexej Kubarev
-------------------------------
Zend Certified Engineer
Image Image

User avatar
tradelnet
New php-forum User
New php-forum User
Posts: 9
Joined: Fri Sep 09, 2005 9:35 am
Location: Spain
Contact:

Tue Oct 18, 2005 11:39 am

Alexei Kubarev wrote:its Apache that has to allow it, not php: php will work with anything..
you simply need to enable mod_ssl and have an SSL certficate to be able to run in HTTPS mode..
Where can I learn to do that?


Thanks for your answer.

User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2213
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Tue Oct 18, 2005 11:52 am

http://httpd.apache.org
Go to documentation => mod_ssl

http://www.openssl.org

Note that SSL certificate is not free of charge.
Self generated SSL certificates are free but will show a warning dialog to the user..
Best Regards,
Alexej Kubarev
-------------------------------
Zend Certified Engineer
Image Image

User avatar
ruturajv
php-forum Super User
php-forum Super User
Posts: 1279
Joined: Sat Mar 22, 2003 9:42 am
Location: Mumbai, India
Contact:

Wed Oct 19, 2005 3:33 am

you need to tell your hosting provider about SSL website, and then you'll need to have a certificate issued from the CA (Certificate Authority) like Verisign, Thwate, etc.

roejim

Thu Sep 29, 2011 5:16 pm

It really is important to be able to implement a very tight security for your pages as the last thing you would want to deal with would include private data being available out to the open.

While security is a dynamic and evolving technology, that makes way for you always employing new and strict techniques to save your system.

User avatar
JordanMRichards
New php-forum User
New php-forum User
Posts: 81
Joined: Mon Apr 23, 2012 7:43 am
Contact:

Thu Apr 26, 2012 11:16 am

Adjusting your php.ini file can effect security also.

Flick through there and google anything you don't understand on it.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14 Year Old Programmer & Graphic Artist, Confident and Courageous
Image

User avatar
j4012345
New php-forum User
New php-forum User
Posts: 21
Joined: Sun Feb 14, 2016 10:57 am

Sun Feb 14, 2016 12:27 pm

There are also some software that can scan your site for security holes, I can recommend some if you need.

Post Reply