Site security

[tradelnet]

I need to build a site in PHP with the maximum allowed security.
I know how to manage sessions, security problems regarding $_GLOBALS variables (commented in php.net) and so on, but I don't know if it is enough.
I don't find in php.net (neither in google) anything about https:// (secure http) in PHP.
Does PHP allow it?
How can I learn about it?
I guess this is the correct forum to make this post.

Thanks in advance.

[Alexej Kubarev]

its Apache that has to allow it, not php: php will work with anything..
you simply need to enable mod_ssl and have an SSL certficate to be able to run in HTTPS mode..

[tradelnet]

its Apache that has to allow it, not php: php will work with anything..
you simply need to enable mod_ssl and have an SSL certficate to be able to run in HTTPS mode..

Where can I learn to do that?


Thanks for your answer.

[Alexej Kubarev]

http://httpd.apache.org
Go to documentation => mod_ssl

http://www.openssl.org

Note that SSL certificate is not free of charge.
Self generated SSL certificates are free but will show a warning dialog to the user..

[ruturajv]

you need to tell your hosting provider about SSL website, and then you'll need to have a certificate issued from the CA (Certificate Authority) like Verisign, Thwate, etc.

[roejim]

It really is important to be able to implement a very tight security for your pages as the last thing you would want to deal with would include private data being available out to the open.

While security is a dynamic and evolving technology, that makes way for you always employing new and strict techniques to save your system.

[JordanMRichards]

Adjusting your php.ini file can effect security also.

Flick through there and google anything you don't understand on it.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14 Year Old Programmer & Graphic Artist, Confident and Courageous

[j4012345]

There are also some software that can scan your site for security holes, I can recommend some if you need.