[PHP] SSL, PHP, MySQL
Hi all, I was wondering if anyone could direct me to some good tutorials on how to utilize PHP to access a MySQL database behind SSL. I have been searching PHPBuilder.com, PHPClasses.org, and hotscripts.com, and I can't seem to find any good tutorials for a beginner when it comes to SSL. I do have a fairly good working knowledge of PHP and MySQL so I'm not necessarily looking for a guide on that, I just need to know how to pass encrypted data back and forth. Here is the scenario: My client has a website in which a customer will be purchasing gift certificates online. They don't need a comprehensive e-commerce package, just simple information passed across a secure connection, such as: user names, passwords, credit cards and mailing addresses. We already have a MySQL db set up with the gift certificate package information. I just need to be able to store the customer information for retrieval later by the owners of the site. Joshua Minnie [EMAIL PROTECTED] Independent Web Consultant / Developer Wild Web Technology www.wildwebtech.com -- Server Information: + PHP v. 4.2.3 + Apache 1.3.26 + MySQL 3.23.53 -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SSL, PHP, MySQL
I think you may need to read: http://www.php.net/manual/en/function.mysql-connect.php It appears that the SSL client flag for connecting to MYSQL is not available until 4.3.0, but you can pick up the 4.3.0RC3 version now, and test it out! I _think_ this is what you are looking for. HTH -Brad Joshua Minnie wrote: Hi all, I was wondering if anyone could direct me to some good tutorials on how to utilize PHP to access a MySQL database behind SSL. I have been searching PHPBuilder.com, PHPClasses.org, and hotscripts.com, and I can't seem to find any good tutorials for a beginner when it comes to SSL. I do have a fairly good working knowledge of PHP and MySQL so I'm not necessarily looking for a guide on that, I just need to know how to pass encrypted data back and forth. Here is the scenario: My client has a website in which a customer will be purchasing gift certificates online. They don't need a comprehensive e-commerce package, just simple information passed across a secure connection, such as: user names, passwords, credit cards and mailing addresses. We already have a MySQL db set up with the gift certificate package information. I just need to be able to store the customer information for retrieval later by the owners of the site. Joshua Minnie [EMAIL PROTECTED] Independent Web Consultant / Developer Wild Web Technology www.wildwebtech.com -- Server Information: + PHP v. 4.2.3 + Apache 1.3.26 + MySQL 3.23.53 -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SSL, PHP, MySQL
What about utilizing an encrypted text file then. Would there be anything wrong with doing it that way? I really don't have too much of an option as far as the server specs go because I didn't set up the web hosting. -Josh Brad Bonkoski wrote: I think you may need to read: http://www.php.net/manual/en/function.mysql-connect.php It appears that the SSL client flag for connecting to MYSQL is not available until 4.3.0, but you can pick up the 4.3.0RC3 version now, and test it out! I _think_ this is what you are looking for. HTH -Brad Joshua Minnie wrote: Hi all, I was wondering if anyone could direct me to some good tutorials on how to utilize PHP to access a MySQL database behind SSL. I have been searching PHPBuilder.com, PHPClasses.org, and hotscripts.com, and I can't seem to find any good tutorials for a beginner when it comes to SSL. I do have a fairly good working knowledge of PHP and MySQL so I'm not necessarily looking for a guide on that, I just need to know how to pass encrypted data back and forth. Here is the scenario: My client has a website in which a customer will be purchasing gift certificates online. They don't need a comprehensive e-commerce package, just simple information passed across a secure connection, such as: user names, passwords, credit cards and mailing addresses. We already have a MySQL db set up with the gift certificate package information. I just need to be able to store the customer information for retrieval later by the owners of the site. Joshua Minnie [EMAIL PROTECTED] Independent Web Consultant / Developer Wild Web Technology www.wildwebtech.com -- Server Information: + PHP v. 4.2.3 + Apache 1.3.26 + MySQL 3.23.53 -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SSL, PHP, MySQL
I would say it really all depends on your network configuration. I am assuming that your Web server running PHP is running on one machine (SERVER A)and the MYSQL server running on another (SERVER B)outside of a common firewall? Is this accurate? If this is true, then I would presume that PHP on SERVER A could encrypt a datafile with MYSQL instructions and send it securely to SERVER B, but then who would un-encrypt it and feed it to MYSQL? You might want to look into other alternative like tunneling with SSH or 'stunnel'. I remember hearing some about it, but have not real experience with it. do a search on some MYSQL mailing lists for some insight. Or ask on the PHP-DB mailing list and you may be able to target a better qualified audience. -Brad Joshua Minnie wrote: What about utilizing an encrypted text file then. Would there be anything wrong with doing it that way? I really don't have too much of an option as far as the server specs go because I didn't set up the web hosting. -Josh Brad Bonkoski wrote: I think you may need to read: http://www.php.net/manual/en/function.mysql-connect.php It appears that the SSL client flag for connecting to MYSQL is not available until 4.3.0, but you can pick up the 4.3.0RC3 version now, and test it out! I _think_ this is what you are looking for. HTH -Brad Joshua Minnie wrote: Hi all, I was wondering if anyone could direct me to some good tutorials on how to utilize PHP to access a MySQL database behind SSL. I have been searching PHPBuilder.com, PHPClasses.org, and hotscripts.com, and I can't seem to find any good tutorials for a beginner when it comes to SSL. I do have a fairly good working knowledge of PHP and MySQL so I'm not necessarily looking for a guide on that, I just need to know how to pass encrypted data back and forth. Here is the scenario: My client has a website in which a customer will be purchasing gift certificates online. They don't need a comprehensive e-commerce package, just simple information passed across a secure connection, such as: user names, passwords, credit cards and mailing addresses. We already have a MySQL db set up with the gift certificate package information. I just need to be able to store the customer information for retrieval later by the owners of the site. Joshua Minnie [EMAIL PROTECTED] Independent Web Consultant / Developer Wild Web Technology www.wildwebtech.com -- Server Information: + PHP v. 4.2.3 + Apache 1.3.26 + MySQL 3.23.53 -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SSL, PHP, MySQL
I will try on the PHP-DB newsgroup as well, but I wanted to let you know about a link I found which shows the integration of SSL with MySQL and PHP. Here is the link: http://www.devshed.com/Server_Side/PHP/SoothinglySeamless/page1.html. Thanks for the help. -Josh Brad Bonkoski [EMAIL PROTECTED] wrote: I would say it really all depends on your network configuration. I am assuming that your Web server running PHP is running on one machine (SERVER A)and the MYSQL server running on another (SERVER B)outside of a common firewall? Is this accurate? If this is true, then I would presume that PHP on SERVER A could encrypt a datafile with MYSQL instructions and send it securely to SERVER B, but then who would un-encrypt it and feed it to MYSQL? You might want to look into other alternative like tunneling with SSH or 'stunnel'. I remember hearing some about it, but have not real experience with it. do a search on some MYSQL mailing lists for some insight. Or ask on the PHP-DB mailing list and you may be able to target a better qualified audience. -Brad Joshua Minnie wrote: What about utilizing an encrypted text file then. Would there be anything wrong with doing it that way? I really don't have too much of an option as far as the server specs go because I didn't set up the web hosting. -Josh Brad Bonkoski wrote: I think you may need to read: http://www.php.net/manual/en/function.mysql-connect.php It appears that the SSL client flag for connecting to MYSQL is not available until 4.3.0, but you can pick up the 4.3.0RC3 version now, and test it out! I _think_ this is what you are looking for. HTH -Brad Joshua Minnie wrote: Hi all, I was wondering if anyone could direct me to some good tutorials on how to utilize PHP to access a MySQL database behind SSL. I have been searching PHPBuilder.com, PHPClasses.org, and hotscripts.com, and I can't seem to find any good tutorials for a beginner when it comes to SSL. I do have a fairly good working knowledge of PHP and MySQL so I'm not necessarily looking for a guide on that, I just need to know how to pass encrypted data back and forth. Here is the scenario: My client has a website in which a customer will be purchasing gift certificates online. They don't need a comprehensive e-commerce package, just simple information passed across a secure connection, such as: user names, passwords, credit cards and mailing addresses. We already have a MySQL db set up with the gift certificate package information. I just need to be able to store the customer information for retrieval later by the owners of the site. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SSL php
Dear all, If I use a php script in a SSL webpage I will be using a remote email address to send the incoming data (personal details, name address etc...) to... e.g. [EMAIL PROTECTED] using the standard mail() function. SSL is secure for the interface between the user and the webpage and I understand that once the email has reached its destination ([EMAIL PROTECTED]) it is only secure on the strength the mailbox username/password. My question is: How secure is the email in transit from the SSL page to the recipient's mailbox? Does SSL offer any security in this regard? Or does it need to be encrypted? Thanks Colm Rafferty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] SSL php
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello! How secure is the email in transit from the SSL page to the recipient's mailbox? A Does SSL offer any security in this regard? B Or does it need to be encrypted? Answer is: B :) you - ssl encrypted line - server | | | | V nonecure puretext mail transfer Cece -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE77Utv6MQc5qvp58IRAlcTAKCUwD/OP1jKdRTphuWCt4da0EsBDACdFShY SKaZMYXkjUj9eAIZpTURu7A= =5FIh -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] SSL php
SSL encrypts the data between the user and your webserver only It does not encrypt data send by you to your mailserver, nor does it influence the way your mailserver sends the mailmessage to the mailserver of the user. (in plain text) So, you need to encrypt the data in the email. It is however not that easy to catch a mailmessage while in transit and I assume that both you mailserver and the mailserver of the user are both secure. Thus for simple things this mostly isn't a real issue. If you use encryption you might want to use something standard like PGP, so the user can use his normal email program to read the mail. Robert Klinkenberg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]