FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


SSL Certificates





polly-gone
If I use an SSL certificate on my website, does that mean that it is safe to store confidential information in places like a MySQL database?

Thanks,

-Nick Smile Smile Smile
Hogwarts
polly-gone wrote:
If I use an SSL certificate on my website, does that mean that it is safe to store confidential information in places like a MySQL database?

Nope. An SSL certificate means that people between you and your server, such as your ISP or a malicious third party, are unable to see what you're sending and receiving.

As a rule of thumb, if you (the author, owner, creator) are able to access one of your user's confidential credentials, your users credentials can possibly be compromised, and that's bad Sad

Basically, you shouldn't store anything in your database that people wouldn't care about sharing, beyond the realms of, say, private messages.
AftershockVibe
Hogwarts wrote:
polly-gone wrote:
If I use an SSL certificate on my website, does that mean that it is safe to store confidential information in places like a MySQL database?

Nope. An SSL certificate means that people between you and your server, such as your ISP or a malicious third party, are unable to see what you're sending and receiving.


Actually, that's not what a certificate is for. HTTPS (using SSL itself) does all that and you don't need a certificate.

What the Certificate does is tell you that the server you are connected to is vouched for by a certificate authority. Whether you trust the authority or not is another matter, although these are reputable companies which provide this service. You can also have self-signed certificates which most browsers will notify you about.

This means that should someone redirect the traffic to yourbank.com to another (malicious) server instead of the real one, then they won't have a certificate or the same certificate seen before. Hopefully the user or browser will notice this.
polly-gone
So if I am going to store confidential information in a database, I am going to want to use an encrypted database?

And how do I go about using HTTPS?

-Nick Smile Smile Smile
Hogwarts
AftershockVibe wrote:
Actually, that's not what a certificate is for. HTTPS (using SSL itself) does all that and you don't need a certificate.

What the Certificate does is tell you that the server you are connected to is vouched for by a certificate authority. Whether you trust the authority or not is another matter, although these are reputable companies which provide this service. You can also have self-signed certificates which most browsers will notify you about.

This means that should someone redirect the traffic to yourbank.com to another (malicious) server instead of the real one, then they won't have a certificate or the same certificate seen before. Hopefully the user or browser will notice this.

Given we're on a free host, I just assumed he wouldn't be looking for a (costly) SSL Certificate, and thus was referencing SSL encrypted traffic based upon his focus on the security aspects.
albuferque
Probably it's a shared SSL certificate, it'd be good what type of shared certificate is.

Shared SSL usually takes one of the following forms:

a) Wild card certificate pointing at the customer's document root
Secure: https://yourusername.yourhostingcompany.com
Non-secure http://www.yourdomain.com

b) Standard certificate with a user directory path, typically this points to a separate directory where you can upload the pages you want to be secured.

c) Standard certificate accessible from the hosting companies available package shopping cart. This is a mix of a) and b) but the shared certificate is only usable from within the provided shopping carts.
Related topics
How to get backup from server to my computer
which domain registrar provide best control panel...?
Any suggestion on add-on services that work with Frihost?
How to using SSL
SSL Ever on Frihost?
cURL - What is it ? And How it works ??
plesk control panel
How do I add a secure page to my site?
Lets talk about SSL certificates!
SSL Certificates
SSL certificates
Webspace is not working ( /domains )
Reseller Hosting
Stop Online Piracy Act (SOPA)
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.