On Fri, Aug 13, 2004 at 12:37:09PM -0400, Private Tech wrote: : My question is what's wrong with this page, is it the ssl or the php? : : It seems like the php is jamming the backdoor open. I say this : because the redirect pops up when you go for a page that has been moved : or deleted. But the transactions and input screens showed php extensions : in the browser's address window.
The implementation language (PHP) has nothing to do with it. PHP code -- and JSP, ASP, etc. -- is parsed by the server, not the browser. SSL isn't necessarily the culprit, either: that simply encrypts the transit between the browser and server. What either party does with the data once it reaches their end, that's outside the realm of SSL. It sounds more like a problem of the implementation's design: perhaps the architects/developers didn't set any pragma: no-cache headers in the response. (Although, I recall, many browsers are set by default to not cache SSL content for this very reason. Some at least have an option to enable/disable such a feature.) Perhaps the browser itself is defective or misconfigured in that it ignores no-cache requests. There are several other potential app-design failures, but that's the root of the matter. btw, most webservers are highly configurable: there's no guarantee that a request URI ending in ".php" is indeed PHP, no more than a URI ending in ".html" is a static file on the server. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
