The SECURITY guide should contain some information
about SSL and in general about the way PHP Shell sends
all information over the wire in clear text.

Possible Threats
----------------

Aside from the obvious threat of someone guessing your
password, there is another threat when using PHP Shell:
all communication is done in clear text!

This means that anybody who is able to intercept the
traffic between your browser and the server will receive
the password, all the commands you type, and all the
output of those commands. Using hashed passwords makes
no difference here; the password is still sent in the
clear and is only hashed after having arrived at the
server.

With a normal network setup your traffic will go
through a number of intermediate nodes before reaching
its goal. For example, when my browser sends the
password, it has to go through no less than 15
computers before reaching the server. Any of those
computers could potentially save the traffic for later
analysis and so save the password.

To counter this threat you can establish an encrypted
connection between the browser and the server. This is
called an SSL (Secure Socket Layer) connection and one
runs HTTPS (Secure HTTP) over it.

Unfortunately you cannot just create such a connection
without first installing an SSL certificate on the
server, something which the server administrator will
have to do for you. Furthermore, a real SSL
certificate costs money, and if you are willing to pay
for such a certificate, then you are probably also
willing to pay for a quality host which offers SSH access.

So: SSL is the answer to the threat of eavesdropping,
but if you have SSL available, then you probably also
have SSH available, and thus no need for PHP Shell ---
a funny chicken-and-egg problem :-)
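
One way to act on the threat described above, as an added example that is not part of the original post or of PHP Shell's own code: a guard placed at the top of the script that refuses to handle a login arriving over plain HTTP. The function names and the `$trustProxy` switch are assumptions made for this sketch.

```php
<?php
// Added example (hypothetical helper names, not PHP Shell code).
// Include before any code that reads the password from $_POST.

/**
 * True when the request reached PHP over TLS.
 * $trustProxy: enable only when a TLS-terminating proxy you control sets
 * X-Forwarded-Proto; otherwise any client could forge that header.
 */
function request_is_https(array $server, bool $trustProxy = false): bool
{
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    if ($trustProxy && isset($server['HTTP_X_FORWARDED_PROTO'])) {
        return strtolower($server['HTTP_X_FORWARDED_PROTO']) === 'https';
    }
    return false;
}

function require_https(array $server, bool $trustProxy = false): void
{
    if (request_is_https($server, $trustProxy)) {
        // Tell the browser to keep using HTTPS for this host from now on.
        header('Strict-Transport-Security: max-age=31536000');
        return;
    }
    if (($server['REQUEST_METHOD'] ?? 'GET') === 'POST') {
        // The form data has already crossed the network in clear text.
        // Refusing here cannot undo that; it only stops the session from
        // continuing and tells the user the password must be changed.
        http_response_code(403);
        header('Content-Type: text/plain');
        exit("Refused: submitted over plain HTTP. Treat the password as "
           . "exposed, change it, and reconnect via https://\n");
    }
    // Plain GET: nothing secret sent yet, so move the browser to HTTPS.
    // HTTP_HOST is client-supplied; pin a fixed host name here if the
    // server answers for more than one.
    $host = $server['HTTP_HOST'] ?? 'localhost';
    $uri  = $server['REQUEST_URI'] ?? '/';
    header('Location: https://' . $host . $uri, true, 301);
    exit;
}

require_https($_SERVER);
```

The guard only helps once the server has a certificate installed, and it cannot protect a password that was already posted over HTTP, which is why the POST branch tells the user to change it.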

Logged In: YES
user_id=1264592
I've added the text to my local repository, it will be part
of the next release.