From: Leif W <war...@us...> - 2004-05-03 15:22:31
Hmm, not sure about that one. But the first part makes sense: you don't want
to start loading insecure data over a secure connection, because then the
data that is loaded is not going to be transmitted securely, giving the false
impression to the user that the entire session is secure. The second part,
about the browser going into a loop and giving an application error, seems
like a bug as Doug suggested, but I have no idea.

How are you calling this PHP script? Is there any reason you can't use a
secure URL to the PHP script in the JS code?

https://domain.dom/sql.php

Then, you are just talking HTTP over a secure connection, and the browser
won't know or care what the PHP script does insecurely while talking to the
database (which could be another point of concern from the security view).

I use a plain PHP script over HTTPS to get data from a MySQL server. I've
used ioelement to talk to both Perl and PHP scripts, over HTTPS. But in my
case, all these servers are running on the same machine and I have total
control over it, so I know it's configured to work the way I expect. I
haven't tried having the initial web page on one HTTPS server, and calling
the PHP from a separate HTTP/HTTPS server, which may be what you're doing.

If you have control over the database machine, and it's a UNIX box, you can
install a program that enables SSL connections to arbitrary server programs,
with no modification to the server. Two such programs I am aware of (both use
OpenSSL) are stunnel and sslwrap. I'm using stunnel for SWAT (Samba Web
Administration Tool), which doesn't use Apache, it has its own web server
functionality, but specifically for the task at hand.

Leif

----- Original Message -----
From: "Jeremy Wanamaker" <je...@ma...>
To: <dyn...@li...>
Sent: Monday, May 03, 2004 9:47 AM
Subject: Re: [Dynapi-Help] secure http

> Sorry, I should have been more specific in my original email. I am using
> Dynapi 3 with ioelement.js to get data from a database via php scripts.
> It works fine when it's running over http (port 80). When I switch to https
> (port 443), Mozilla gives me the following warning:
>
> Although this page is encrypted, the information you have entered is to be
> sent over an unencrypted connection and could easily be read by a third
> party.
>
> It asks me if I wish to continue.... I click yes and then Mozilla goes into a
> loop and gets an application error. Any idea on how I can fix this? I really
> need to be able to use secure http for my application.
>
> Jeremy
>
> ----- Original Message -----
> From: "Leif W" <war...@us...>
> To: <dyn...@li...>
> Sent: Friday, April 30, 2004 10:08 PM
> Subject: Re: [Dynapi-Help] secure http
>
> > Work in what way? It should work fine in a general sense. The browser
> > handles the connection to the server. The server does not care what the
> > file contents are, they are just static javascript files. The browser
> > handles running the JavaScript, the server has no part in this process.
> > I have a local copy of CVS with some of my tinkerings in it, so it's a
> > "dirty" copy of the CVS, but it's 99.99% untouched. You can see it at
> > http://dynapi.kicks-ass.net/ , and you'll see, it automatically
> > redirects to the secure site. I did most of my work with IOElement and
> > SODA here.
> >
> > :D Ohh yeah, the site is down right now, as I'm modifying some Apache
> > config settings, to get more details in my log files, and I kind of shut
> > the site off and started modifying some live files so I can't turn it
> > back up until the configs are finished. Should be tonight or tomorrow,
> > once I am able to finish.
> >
> > In any case, what are you trying now and what isn't working?
> >
> > Leif
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Friday, April 30, 2004 3:35 PM
> > Subject: [Dynapi-Help] secure http
> >
> > > Is anyone aware of a way to get DynAPI 3 working with a secure http
> > > server?
> > >
> > > Thanks,
> > >
> > > Jeremy
> >
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
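
The scheme mismatch discussed in the thread above, as an added example that is not part of the original messages or of DynAPI: it resolves each data endpoint against the page URL the way a browser does, flags the ones that would leave an HTTPS page over plain HTTP, and shows the HTTPS form to use instead. The page path, the `db.domain.dom` host and the endpoint list are constructed sample values; it needs only the standard `URL` class (Node.js or a browser).

```javascript
// Added example, not code from the thread. URLs are constructed sample values
// built around the https://domain.dom/sql.php address used in the message.

// Resolve `target` the way a browser does (relative to the page) and say
// whether the request would leave the page's encrypted channel.
function classifyRequest(pageUrl, target) {
  const page = new URL(pageUrl);
  const dest = new URL(target, page); // handles "sql.php", "/sql.php", "//host/x"
  if (dest.protocol !== 'http:' && dest.protocol !== 'https:') {
    return { url: dest.href, verdict: 'unsupported-scheme' };
  }
  if (page.protocol === 'https:' && dest.protocol === 'http:') {
    return { url: dest.href, verdict: 'mixed-content' };
  }
  const verdict = dest.origin === page.origin ? 'same-origin' : 'cross-origin';
  return { url: dest.href, verdict };
}

// The fix suggested in the message: address the script over HTTPS.
function toSecureUrl(pageUrl, target) {
  const dest = new URL(target, pageUrl);
  if (dest.protocol === 'http:') dest.protocol = 'https:';
  return dest.href;
}

// List every endpoint that would trigger the warning, with its HTTPS form.
function auditEndpoints(pageUrl, targets) {
  return targets
    .map((t) => ({ target: t, ...classifyRequest(pageUrl, t) }))
    .filter((r) => r.verdict === 'mixed-content')
    .map((r) => ({ target: r.target, fix: toSecureUrl(pageUrl, r.target) }));
}

const PAGE = 'https://domain.dom/app/index.html'; // constructed page URL
const ENDPOINTS = ['sql.php', '/sql.php', 'http://domain.dom/sql.php',
                   '//db.domain.dom/sql.php', 'http://db.domain.dom:8080/q.pl'];

console.log(auditEndpoints(PAGE, ENDPOINTS));
```

Rewriting the scheme only helps when the target host actually answers TLS on that port, which is the gap a wrapper such as stunnel fills.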