Menu
▾
▴
Re: [Dynapi-Help] secure http
|
From: Jeremy W. <je...@ma...> - 2004-05-05 14:26:33
|
Leif,
What you have described is exactly what I am trying to do.
> script over HTTPS to get data from a MySQL server. I've used ioelement
> to talk to both Perl and PHP scripts, over HTTPS. But in my case, all
> these servers are running on the same mahine and I have total control
Because Mozilla crashes, I'm having a difficult time debugging the error.
IE's script debugger says it's crashing in _monitorTransactions in
ioelement.js. at the following if statement:
elm=this.getScope(r[4]);
if(elm && elm.document && !elm.document._tranState){
So I'm assuming the getScope function on the previous line is returning a
null value. I'm not sure why this would be, and maybe I'm way off base. The
only other thing I'm wondering about is if the following lines are causing a
problem in _doRequest
if (url.indexOf('http')!=0) {
if (url.substr(0,1)=='/') url =
'http://'+dynapi.frame.document.domain+url;
else url = dynapi.documentPath+url;
}
Did you have to change these lines to set the url variable to start with
https rather than http?
Thanks for your help.
Jeremy
----- Original Message -----
From: "Leif W" <war...@us...>
To: <dyn...@li...>
Sent: Monday, May 03, 2004 11:22 AM
Subject: Re: [Dynapi-Help] secure http
> Hmm, not sure about that one. But the first part makes sense: you don't
> want to start loading insecure data over a secure connection, because
> then the data that is loaded is not going to be transmitted securely,
> giving the false impression to the user that the entire session is
> secure. The second part, about the browser going into a loop and giving
> an application error, seems like a bug a Doug suggested, but I have no
> idea.
>
> How are you calling this PHP script? Is there any reason you can't use
> a secure URL to the PHP script in the JS code?
> https://domain.dom/sql.php Then, you are just talking HTTP over a
> secure connection, and the browser won't know or care what the PHP
> script does insecurely while talking to the database (which could be
> another point of concern from the security view). I use a plain PHP
> script over HTTPS to get data from a MySQL server. I've used ioelement
> to talk to both Perl and PHP scripts, over HTTPS. But in my case, all
> these servers are running on the same mahine and I have total control
> over it, so I know it's configured to work the way I expect. I haven't
> tried having the initial web page on one HTTPS server, and calling the
> PHP from a separate HTTP/HTTPS server, which may be what you're doing.
>
> If you have control over the database machine, and it's a UNIX box, you
> can install a program that enables SSL connections to arbitrary server
> programs, with no modification to the server. Two such programs I am
> aware of (both use OpenSSL) are stunnel and sslwrap. I'm using stunnel
> for SWAT (Samba Web Administration Tool), which doesn't use Apache, it
> has it's own web server functionality, but specifically for the task at
> hand.
>
> Leif
>
> ----- Original Message -----
> From: "Jeremy Wanamaker" <je...@ma...>
> To: <dyn...@li...>
> Sent: Monday, May 03, 2004 9:47 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Sorry, I should have been more specific in my original email. I am
> using
> > Dynapi 3 with ioelement.js to get data from a database via php
> scripts. It
> > works fine when it's running over http (port 80). When I switch to
> https
> > (port 443), Mozilla gives me the following warning:
> >
> > Although this page is encrypted, the information you have entered is
> to be
> > sent over an unencrypted connection and could easily be read by a
> third
> > party.
> >
> > It asks me if wish to continue.... I click yes and then mozilla goes
> into a
> > loop and gets an application error. Any idea on how I can fix this. I
> really
> > need to be able to use secure http for my application.
> >
> > Jeremy
> >
> > ----- Original Message -----
> > From: "Leif W" <war...@us...>
> > To: <dyn...@li...>
> > Sent: Friday, April 30, 2004 10:08 PM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Work in what way? It should work fine in a general sense. The
> browser
> > > handles the connection to the server. The server does not care what
> the
> > > file contents are, they are just static javascript files. The
> browser
> > > handles running the JavaScript, the server has no part in this
> process.
> > > I have a local copy of CVS with some of my tinkerings in it, so it's
> a
> > > "dirty" copy of the CVS, but it's 99.99% untouched. You can see it
> at
> > > http://dynapi.kicks-ass.net/ , and you'll see, it automatically
> > > redirects to the secure site. I did most of my work with IOElement
> and
> > > SODA here.
> > >
> > > :D Ohh yeah, the site is down right now, as I'm modifying some
> Apache
> > > config settings, to get more details in my log files, and I kind of
> shut
> > > the site off and started modifying some live files so I can't turn
> it
> > > back up until the configs are finished. Should be tonight or
> tomorrow,
> > > once I am able to finish.
> > >
> > > In any case, what are you trying now and what isn't working?
> > >
> > > Leif
> > >
> > > ----- Original Message -----
> > > From: "Jeremy Wanamaker" <je...@ma...>
> > > To: <dyn...@li...>
> > > Sent: Friday, April 30, 2004 3:35 PM
> > > Subject: [Dynapi-Help] secure http
> > >
> > >
> > > > Is anyone aware of a way to get DynAPI 3 working with a secure
> http
> > > server?
> > > >
> > > > Thanks,
> > > >
> > > > Jeremy
> > >
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market... Oracle
> 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle
> 10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
