Hi,
  I realize I'm a little late, but thought I would chime in on this.  In my 
opinion, in this case doing this through a PHP header redirect is a poor 
practice.  I don't know the sensitivity of your data, but the point of having 
an SSL is both for verification and encryption of the transmitted data.  If the 
URL is being switched inside the webroot, as opposed to a layer above, then any 
other compromised part of the webroot could potentially undo that. I know the 
line of logic usually lies in 'if they can do that, then you have bigger 
issues', but in this case I disagree.  Apache comes with configuration options 
for this situation; forcing it through PHP is hacking around Apache config.

  If you configure this in your vhost, or less preferably, your .htaccess file 
directly, you make it invulnerable to most security exploits that can be enacted 
through the browser.  Otherwise, you create a big 'what if' situation.

  Now, if your information is truly sensitive, I would recommend isolating it 
to its own subdomain, and potentially its own machine available only on the 
local network, but for this application that may be overkill.

  Just my $0.02, but I would use a Drupal module for SSL, well never, but if I 
had to I would use it only on non-sensitive things that I just happened to want 
SSL on.

  Cheers,
    Sam Tresler

On Mon, 26 Jul 2010, Steve Edwards wrote:

http://drupal.org/project/securepages

On Jul 26, 2010, at 2:15 PM, Dayton Perkins wrote:

I have come here before and I would just like to say I really appreciate this 
group/board.
I have a potential client that wants several pages to include SSL exchange of 
payroll information. I have not implemented secure pages in Drupal(6).
I would appreciate input about this. I have seen a module to secure 
registration and login before. I am tempted to script it, but...
Thank You,
--
Kindest regards, Dayton Perkins
Good News Design
Intelligent Web Programming for Business
3611 Butternut Drive, Suite 40
Holland MI 49424
616-399-5617
http://goodnewsdesign.com



Sam Tresler
646-246-8403
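
The vhost-level approach recommended in the reply above, sketched as an added example that is not part of the original thread or any poster's configuration. The hostname, DocumentRoot and certificate paths are placeholders chosen for illustration, and the dedicated subdomain follows the reply's suggestion of isolating the sensitive pages.

```apache
# Added example; hostname, paths and certificate files are placeholders.

# Port 80: serves no content at all. Apache itself answers every request
# with a redirect, before any PHP in the webroot is executed, so code
# inside the webroot cannot remove or alter the redirect.
<VirtualHost *:80>
    ServerName payroll.example.com
    Redirect permanent / https://payroll.example.com/
</VirtualHost>

# Port 443: the only vhost that maps the site's DocumentRoot.
<VirtualHost *:443>
    ServerName payroll.example.com
    DocumentRoot /var/www/payroll

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/payroll.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/payroll.example.com.key

    <Directory /var/www/payroll>
        # Backstop: if this directory is ever mapped into a non-SSL vhost
        # by mistake, Apache answers 403 instead of serving it in the clear.
        SSLRequireSSL
        # Keep the policy in the vhost: ignore .htaccess files, which live
        # inside the webroot and can be changed by anything able to write there.
        AllowOverride None
    </Directory>
</VirtualHost>
```

Drupal ships its rewrite rules in .htaccess, so with `AllowOverride None` those rules have to be copied into the vhost for clean URLs to keep working.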
