Hmm, not sure about that one. But the first part makes sense: you don't want to start loading insecure data over a secure connection, because then the data that is loaded is not going to be transmitted securely, giving the false impression to the user that the entire session is secure. The second part, about the browser going into a loop and giving an application error, seems like a bug a Doug suggested, but I have no idea.
How are you calling this PHP script? Is there any reason you can't use a secure URL to the PHP script in the JS code? https://domain.dom/sql.php Then, you are just talking HTTP over a secure connection, and the browser won't know or care what the PHP script does insecurely while talking to the database (which could be another point of concern from the security view). I use a plain PHP script over HTTPS to get data from a MySQL server. I've used ioelement to talk to both Perl and PHP scripts, over HTTPS. But in my case, all these servers are running on the same mahine and I have total control over it, so I know it's configured to work the way I expect. I haven't tried having the initial web page on one HTTPS server, and calling the PHP from a separate HTTP/HTTPS server, which may be what you're doing. If you have control over the database machine, and it's a UNIX box, you can install a program that enables SSL connections to arbitrary server programs, with no modification to the server. Two such programs I am aware of (both use OpenSSL) are stunnel and sslwrap. I'm using stunnel for SWAT (Samba Web Administration Tool), which doesn't use Apache, it has it's own web server functionality, but specifically for the task at hand. Leif ----- Original Message ----- From: "Jeremy Wanamaker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, May 03, 2004 9:47 AM Subject: Re: [Dynapi-Help] secure http > Sorry, I should have been more specific in my original email. I am using > Dynapi 3 with ioelement.js to get data from a database via php scripts. It > works fine when it's running over http (port 80). When I switch to https > (port 443), Mozilla gives me the following warning: > > Although this page is encrypted, the information you have entered is to be > sent over an unencrypted connection and could easily be read by a third > party. > > It asks me if wish to continue.... I click yes and then mozilla goes into a > loop and gets an application error. Any idea on how I can fix this. I really > need to be able to use secure http for my application. > > Jeremy > > ----- Original Message ----- > From: "Leif W" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, April 30, 2004 10:08 PM > Subject: Re: [Dynapi-Help] secure http > > > > Work in what way? It should work fine in a general sense. The browser > > handles the connection to the server. The server does not care what the > > file contents are, they are just static javascript files. The browser > > handles running the JavaScript, the server has no part in this process. > > I have a local copy of CVS with some of my tinkerings in it, so it's a > > "dirty" copy of the CVS, but it's 99.99% untouched. You can see it at > > http://dynapi.kicks-ass.net/ , and you'll see, it automatically > > redirects to the secure site. I did most of my work with IOElement and > > SODA here. > > > > :D Ohh yeah, the site is down right now, as I'm modifying some Apache > > config settings, to get more details in my log files, and I kind of shut > > the site off and started modifying some live files so I can't turn it > > back up until the configs are finished. Should be tonight or tomorrow, > > once I am able to finish. > > > > In any case, what are you trying now and what isn't working? > > > > Leif > > > > ----- Original Message ----- > > From: "Jeremy Wanamaker" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Friday, April 30, 2004 3:35 PM > > Subject: [Dynapi-Help] secure http > > > > > > > Is anyone aware of a way to get DynAPI 3 working with a secure http > > server? > > > > > > Thanks, > > > > > > Jeremy > > > > > > > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by: Oracle 10g > > Get certified on the hottest thing ever to hit the market... Oracle 10g. > > Take an Oracle 10g class now, and we'll give you the exam FREE. > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > > _______________________________________________ > > Dynapi-Help mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/dynapi-help > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the market... Oracle 10g. > Take an Oracle 10g class now, and we'll give you the exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > _______________________________________________ > Dynapi-Help mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/dynapi-help > ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Dynapi-Help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dynapi-help
