ssl - securing portion of website

Status
Not open for further replies.
I

ibexpiotr

In Runtime
Messages
243
Location
New York
scenario:
we have a website with different forms. in certain forms users fill in personal information, we want to secure the transaction with ssl. how do we go about doing this, we dont want the whole website to be https, just certain pages containing the forms
 
update:
i know that the action on the form page should look something like <form action="https://blahblhahh....>
how do i make the receiving page ssl secure, without securing the whole website thus slowing down the page.
 
ibexpiotr said:
update:
i know that the action on the form page should look something like <form action="https://blahblhahh....>
how do i make the receiving page ssl secure, without securing the whole website thus slowing down the page.
Click to expand...
What exactly do you mean by "receiving page"? Since the action="" is the form's 'receiving page' (assuming you mean where the form's query goes), and thus what you've listed should work since you're forwarding to an SSL page. Is this not happening? If not, do you get any errors?
 
nothing is setup yet with ssl. i like to make sure i got the right idea of how this should be setup before we move with anything.
we have a form that users submit their information into,..and im guessing it gets put into a database...im not sure since i havent worked on this, and all i know is that they want me to figure out a way for the information to be submitted/transfered securely (with https)
 
Ah okay. Well yep, what you've said is the right way to go about it (I did a quick Google search and HTML Form Tutorial: Advanced topics on HTML forms seems a reputable site which suggests this exact method)

And as an FYI (since you said "we dont want the whole website to be https, just certain pages containing the forms" in the OP), it's worth pointing out that once SSL is setup, the whole website *can* be https. It's your choice. As in, if your homepage is http://www.example.com/index.php, once you have SSL setup you can naturally still use http://www.example.com/index.php, however you can also go to https://www.example.com/index.php which will transmit via SSL instead. (Naturally your internal links will be pointing to standard http so it's kind of a moot point, I just wanted to bring it up as an FYI)

So anywhoo, once SSL is setup you can still have the website in standard http as normal - including the page with the form.

Then you (as you rightly pointed out) set the form's action to be https and that'll send just the form's data submission via SSL. (Then the receiving page can put the data into a database as needed).

Hope this makes sense, apologies if not!
 
Status
Not open for further replies.

Similar threads

grantheo
Asking for your feedback on a PHP code security scanner in beta
Replies
1
Views
864
grantheo
grantheo
O
hello & mostly clueless & would appreciate mac security help after trojan attack!
Replies
0
Views
931
once2023
O
D
Who needs SSL security software?
Replies
3
Views
2K
markanderson
markanderson
CloudniumSupport
Deciding on the right hosting provider:
Replies
1
Views
568
brownelsa1318
B
Andrewx
Why Blogging Seems Harder in 2023
Replies
1
Views
805
fusionha
F
Back
Top Bottom