php-general Digest 25 Aug 2006 07:55:07 -0000 Issue 4312

Fri, 25 Aug 2006 00:57:59 -0700 

php-general Digest 25 Aug 2006 07:55:07 -0000 Issue 4312

Topics (messages 241090 through 241099):

ssl.
        241090 by: João Cândido de Souza Neto
        241091 by: Tim Traver
        241092 by: Alex Turner
        241093 by: João Cândido de Souza Neto
        241094 by: Alex Turner
        241095 by: Alex Turner
        241097 by: Mourad Boulahboub
        241099 by: Alex Turner

Re: How to deal with errors in forms
        241096 by: Chris

Re: [EMAIL PROTECTED]
        241098 by: Mourad Boulahboub

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [email protected]


----------------------------------------------------------------------
--- Begin Message --- 
Hy everyone.

Since we change our ssl key from 128kb to a 256kb i notice that something´s 
going wrong.

In my e-commerce, part is secure and part isn´t. when i join into the secure 
part of the site, everithing works fine. But, when the sale is finishes and 
my script run header("Location: http://www.?????";) to exit from the secure 
part, the browser gives me a notice that some parts of the page i´ve been 
led to a non-secure region and ask me if i realy want to do that (it never 
had happened before). Thought i confirm by clicking in yes buttom, i doesn´t 
goes away from https.

Now my question:

Has some difference between 128kb e 256kb ssl key?
There´s some way to fix it?

Thanks a lot in advance for any tips...

-- 
João Cândido de Souza Neto
Curitiba Online
[EMAIL PROTECTED]
(41) 3324-2294 (41) 9985-6894
http://www.curitibaonline.com.br

--- End Message ---
--- Begin Message --- 

João Cândido de Souza Neto wrote:

Hy everyone.
Since we change our ssl key from 128kb to a 256kb i notice that something´s going wrong.
In my e-commerce, part is secure and part isn´t. when i join into the secure part of the site, everithing works fine. But, when the sale is finishes and my script run header("Location: http://www.?????";) to exit from the secure part, the browser gives me a notice that some parts of the page i´ve been led to a non-secure region and ask me if i realy want to do that (it never had happened before). Thought i confirm by clicking in yes buttom, i doesn´t goes away from https. 

Now my question:

Has some difference between 128kb e 256kb ssl key?
There´s some way to fix it?

Thanks a lot in advance for any tips...




João,

This shouldn't have anything to do with the certificate.
It most likely has to do with something being loaded on the exit page that is not secure. For example, if there is a hard coded link to an image, or an included javascript link to an outside source. 

If anything on the page is not secure, then you will get that error.

Tim.

--- End Message ---
--- Begin Message --- It would appear that the root of the page has not gone back to http. Is it possible that this is a one of those cases when two things get changed at once by accident?
I would suggest downloading the IE developer's tool bar (or the firefox equivalent) and then when you get to the page you think should be http, but is sticking on https, view the DOM. By carefully going through the DOM there is a good chance that you will find that, for example, the PHP you have redirected to http is indeed running in a frame or some such. 

AJ

João Cândido de Souza Neto wrote:

Hy everyone.
Since we change our ssl key from 128kb to a 256kb i notice that something´s going wrong.
In my e-commerce, part is secure and part isn´t. when i join into the secure part of the site, everithing works fine. But, when the sale is finishes and my script run header("Location: http://www.?????";) to exit from the secure part, the browser gives me a notice that some parts of the page i´ve been led to a non-secure region and ask me if i realy want to do that (it never had happened before). Thought i confirm by clicking in yes buttom, i doesn´t goes away from https. 

Now my question:

Has some difference between 128kb e 256kb ssl key?
There´s some way to fix it?

Thanks a lot in advance for any tips...




--
www.deployview.com
www.nerds-central.com
www.project-network.com

--- End Message ---
--- Begin Message --- 
Nothing was changed at the code, just the ssl key was changed.

Why it was working fine with the old ssl key?

"Tim Traver" <[EMAIL PROTECTED]> escreveu na mensagem 
news:[EMAIL PROTECTED]
>
> João Cândido de Souza Neto wrote:
>> Hy everyone.
>>
>> Since we change our ssl key from 128kb to a 256kb i notice that 
>> something´s going wrong.
>>
>> In my e-commerce, part is secure and part isn´t. when i join into the 
>> secure part of the site, everithing works fine. But, when the sale is 
>> finishes and my script run header("Location: http://www.?????";) to exit 
>> from the secure part, the browser gives me a notice that some parts of 
>> the page i´ve been led to a non-secure region and ask me if i realy want 
>> to do that (it never had happened before). Thought i confirm by clicking 
>> in yes buttom, i doesn´t goes away from https.
>>
>> Now my question:
>>
>> Has some difference between 128kb e 256kb ssl key?
>> There´s some way to fix it?
>>
>> Thanks a lot in advance for any tips...
>>
>>
>
>
> João,
>
> This shouldn't have anything to do with the certificate.
>
> It most likely has to do with something being loaded on the exit page that 
> is not secure. For example, if there is a hard coded link to an image, or 
> an included javascript link to an outside source.
>
> If anything on the page is not secure, then you will get that error.
>
> Tim.

--- End Message ---
--- Begin Message --- 
João,
Surely the issue is to find why it is not working now. Why it did work in the past is only of interest if you want to stop the problem re-occurring in the future. Thus, the correct approach is to find why it is not working now, fix it and then see if you can work out what has change between the past and now.
It is just possible that changing the key length has resulted in a different connection encryption escalation process between the server and the client. I am a little rusty on this :-( However, if that is the case, I would suspect that what you are seeing is a bug that has always been there but did not show up before. This might revolve around which port is being used (as you can map both https and http to one port if you use escalation - or at least I seem to remember that is possible with TLS).
In summary, find out what is broken now and all will be clear. To find out what is wrong now you should find out the exact structure of the returned page. 

Good luck

AJ

João Cândido de Souza Neto wrote:

Nothing was changed at the code, just the ssl key was changed.

Why it was working fine with the old ssl key?
"Tim Traver" <[EMAIL PROTECTED]> escreveu na mensagem news:[EMAIL PROTECTED] 
João Cândido de Souza Neto wrote:

Hy everyone.
Since we change our ssl key from 128kb to a 256kb i notice that something´s going wrong.
In my e-commerce, part is secure and part isn´t. when i join into the secure part of the site, everithing works fine. But, when the sale is finishes and my script run header("Location: http://www.?????";) to exit from the secure part, the browser gives me a notice that some parts of the page i´ve been led to a non-secure region and ask me if i realy want to do that (it never had happened before). Thought i confirm by clicking in yes buttom, i doesn´t goes away from https. 

Now my question:

Has some difference between 128kb e 256kb ssl key?
There´s some way to fix it?

Thanks a lot in advance for any tips...




João,

This shouldn't have anything to do with the certificate.
It most likely has to do with something being loaded on the exit page that is not secure. For example, if there is a hard coded link to an image, or an included javascript link to an outside source. 

If anything on the page is not secure, then you will get that error.
Tim. 


--
www.deployview.com
www.nerds-central.com
www.project-network.com

--- End Message ---
--- Begin Message --- 
João,
Please try and find out why it is not working now. Once you have that worked out, it will be much easier to find out what has changed.
There are a few subtle methods by which changing the key length might interact with PHP. However, in general, PHP is not involved with the encryption of the socket. It will be near impossible to guess what might have gone wrong. It will be much easier to work it out once you know the structure of the page that is causing the trouble. 

AJ

www.deployview.com

João Cândido de Souza Neto wrote:

Nothing was changed at the code, just the ssl key was changed.

Why it was working fine with the old ssl key?
"Tim Traver" <[EMAIL PROTECTED]> escreveu na mensagem news:[EMAIL PROTECTED] 
João Cândido de Souza Neto wrote:

Hy everyone.
Since we change our ssl key from 128kb to a 256kb i notice that something´s going wrong.
In my e-commerce, part is secure and part isn´t. when i join into the secure part of the site, everithing works fine. But, when the sale is finishes and my script run header("Location: http://www.?????";) to exit from the secure part, the browser gives me a notice that some parts of the page i´ve been led to a non-secure region and ask me if i realy want to do that (it never had happened before). Thought i confirm by clicking in yes buttom, i doesn´t goes away from https. 

Now my question:

Has some difference between 128kb e 256kb ssl key?
There´s some way to fix it?

Thanks a lot in advance for any tips...




João,

This shouldn't have anything to do with the certificate.
It most likely has to do with something being loaded on the exit page that is not secure. For example, if there is a hard coded link to an image, or an included javascript link to an outside source. 

If anything on the page is not secure, then you will get that error.
Tim. 


--
www.deployview.com
www.nerds-central.com
www.project-network.com

--- End Message ---
--- Begin Message --- 
Hi João,

this is the standard alert message from internet explorer. Because you
go from https to http it get show up. This is no bug in your script or
either in the certificate. Try it by surfing to a secure website (not
yours) with https and then leave it by typining a non secured website
into the browser. You will get the same alert message from internet explorer

João Cândido de Souza Neto schrieb am 24.08.2006 22:26:
> Hy everyone.
> 
> Since we change our ssl key from 128kb to a 256kb i notice that something´s 
> going wrong.
> 
> In my e-commerce, part is secure and part isn´t. when i join into the secure 
> part of the site, everithing works fine. But, when the sale is finishes and 
> my script run header("Location: http://www.?????";) to exit from the secure 
> part, the browser gives me a notice that some parts of the page i´ve been 
> led to a non-secure region and ask me if i realy want to do that (it never 
> had happened before). Thought i confirm by clicking in yes buttom, i doesn´t 
> goes away from https.
> 
> Now my question:
> 
> Has some difference between 128kb e 256kb ssl key?
> There´s some way to fix it?
> 
> Thanks a lot in advance for any tips...
>

--- End Message ---
--- Begin Message --- 
Mourad,
I think that you might have misread the original post. The snag appears not to be the leaving of a secure site. The snag is that root document is secure but some of the embedded urls (images, frames, iframes etc) are unsecured. Whilst this again is a standard warning, it is one that should be avoided at all cost as it scares the stuff out of customers! 

AJ
www.deployview.com

Mourad Boulahboub wrote:

Hi João,

this is the standard alert message from internet explorer. Because you
go from https to http it get show up. This is no bug in your script or
either in the certificate. Try it by surfing to a secure website (not
yours) with https and then leave it by typining a non secured website
into the browser. You will get the same alert message from internet explorer

João Cândido de Souza Neto schrieb am 24.08.2006 22:26:

Hy everyone.
Since we change our ssl key from 128kb to a 256kb i notice that something´s going wrong.
In my e-commerce, part is secure and part isn´t. when i join into the secure part of the site, everithing works fine. But, when the sale is finishes and my script run header("Location: http://www.?????";) to exit from the secure part, the browser gives me a notice that some parts of the page i´ve been led to a non-secure region and ask me if i realy want to do that (it never had happened before). Thought i confirm by clicking in yes buttom, i doesn´t goes away from https. 

Now my question:

Has some difference between 128kb e 256kb ssl key?
There´s some way to fix it?

Thanks a lot in advance for any tips...




--
www.deployview.com
www.nerds-central.com
www.project-network.com

--- End Message ---
--- Begin Message --- 
Merlin wrote:

Hi there,
I do have a form where there is also a field with max 2000 characters the user can put in.
Now before processing the data with php, I do a checkin the script for certain criterias if something lookes wrong I do redirect him to the original form with inserting the data he has entered. I do this via GET 
e.g.: ?title=test&body=blablub
That works fine with one exception. If the user does enter 2000 characters (or a lot c.) they do get transfered via URL as well and that is not possible. Firfox for example then simply displays a blank page!!! It would be fine if he would return with just a few less characters, but at least display the error message I am providing. 

Now, 2 questions:
1) Does anybody know why firefox is shoing a blank page? If the URL does contain less characters, lets say 100 everything works fine. 2) How could I possibly save his entry? Maybe with the help of a cookie? But then, I do redirect to the page. So I do send a header. As far as I know this only once possible? 
For example:
setcookie('bla test'); HEADER("Location:".$data[rurl]."?error=".$error.$parameter); 

Definitely do this with sessions.
All browsers have a limit on the length of the url they can view (internet explorer's is less than firefox, not sure where opera or safari break but search your preferred search engine and you'll find the answer). 

--
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message --- 
sorry for that :(

Mourad Boulahboub schrieb am 24.08.2006 17:12:
> news.gmane.org
>

--- End Message ---

Reply via email to