PHP and MySQL Web Development - P73 ppt

Chapter 15 Implementing Secure Transactions with PHP and MySQL
If we are providing a Web interface to send GPG encrypted mail, the flow of information will look something like Figure 15.5.
[Figure 15.5 (diagram): Sender's Browser -> (1) -> Web Server -> (2) -> Recipient's Mail Server -> (3) -> Recipient's Mail Client]
Figure 15.5 In our encrypted email application, the message is sent via the Internet three times.
In this figure, each arrow represents our message being sent from one machine to another. Each time the message is sent, it travels through the Internet and might pass through a number of intermediary networks and machines.
The script we are looking at here exists on the machine labeled Web Server in the diagram. At the Web server, the message will be encrypted using the recipient's public key. It will then be sent via SMTP to the recipient's mail server. The recipient will connect to his mail server, probably using POP or IMAP, and download the message using a mail reader. Here he will decrypt the message using his private key.
The data transfers in Figure 15.5 are labeled 1, 2, and 3. For stages 2 and 3, the information being transmitted is a GPG encrypted message and is of little value to anybody who does not have the private key. For transfer 1, the message being transmitted is the text that the sender entered in the form.


If our information is important enough that we need to encrypt it for the second and third leg of its journey, it is a bit silly to send it unencrypted for the first leg. Therefore, this script belongs on a server that uses SSL.
If we connect to our script using a port other than 443, the default port for SSL, it will provide a warning. If your server uses a non-default port for SSL, you might need to modify this code.
Rather than providing an error message, we could deal with this situation in other ways. We could redirect the user to the same URL via an SSL connection. We could also choose to ignore it because it is not usually important if the form was delivered using a secure connection. What is usually important is that the details the user has typed into the form are sent to us securely. We could simply have given a complete URL as the action of our form.
Currently, our open form tag looks like this:
<form method="post" action="send_private_mail.php">
We could alter it to send data via SSL even if the user connected without SSL, like this:
<form method="post" action="https://webserver/send_private_mail.php">
If we hard code the complete URL like this, we can be assured that visitors' data will be sent using SSL, but we will need to modify the code every time we use it on another server or even in another directory.
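The three options discussed above (checking the port, redirecting to the SSL URL, and giving the form an absolute https:// action) combined in one script, as an added example and not the book's own send_private_mail.php code; it assumes PHP 7 or later and a hypothetical $canonical_host value that you would read from your own configuration:

```php
<?php
// Added example, not code from the book: decide whether the current request
// arrived over SSL/TLS and, if not, send the visitor to the same page over
// https://. $server is passed in (normally $_SERVER) to keep the checks testable.

function request_is_secure(array $server, int $ssl_port = 443): bool
{
    // Most web servers set HTTPS to a non-empty value (not "off") for TLS requests.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // Port comparison as the chapter does it; $ssl_port covers servers that use
    // a non-default SSL port without editing the function body.
    return isset($server['SERVER_PORT']) && (int) $server['SERVER_PORT'] === $ssl_port;
}

// Build an https:// URL for a path on this site. The host name comes from our
// own configuration, not from the client-supplied Host header, so a redirect
// or form action can never be pointed at another site by the request itself.
function https_url(string $canonical_host, string $path): string
{
    return 'https://' . $canonical_host . $path;
}

// The redirect option from the text. Only a GET can be redirected: a POST body
// is not carried across a redirect, and a POST that arrived unencrypted has
// already exposed its data, so it is refused rather than redirected.
function require_ssl(array $server, string $canonical_host): void
{
    if (request_is_secure($server)) {
        return;
    }
    if (($server['REQUEST_METHOD'] ?? 'GET') !== 'GET') {
        header('HTTP/1.1 403 Forbidden');
        exit('This form must be submitted over an SSL connection.');
    }
    header('Location: ' . https_url($canonical_host, $server['REQUEST_URI'] ?? '/'), true, 302);
    exit;
}

// Hypothetical host name; read it from your own configuration in practice.
$canonical_host = 'webserver.example';
require_ssl($_SERVER, $canonical_host);

// Derive the absolute action from SCRIPT_NAME instead of hard coding it, so the
// same form keeps working when moved to another server or directory.
$action = https_url($canonical_host, $_SERVER['SCRIPT_NAME']);
?>
<form method="post" action="<?php echo htmlspecialchars($action, ENT_QUOTES); ?>">
```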
Although in this case, and many others, it is not important that the empty form is sent to the user via SSL, it is usually a good idea to do so. Seeing the little padlock symbol in the status bar of their browsers reassures people that their information is going to be sent securely. They should not need to look at your HTML source and see what the action attribute of the form is.
Further Reading
The specification for SSL version 3.0 is available from Netscape:
/>
If you would like to know more about how networks and networking protocols work, a classic introductory text is Andrew S. Tanenbaum's Computer Networks.
Next
That wraps up our discussion of e-commerce and security issues. In the next section, we'll look at some more advanced PHP techniques including interacting with other machines on the Internet, generating images on-the-fly, and using session control.
IV
Advanced PHP Techniques
16 Interacting with the File System and the Server
17 Using Network and Protocol Functions
18 Managing the Date and Time
19 Generating Images
20 Using Session Control in PHP
21 Other Useful Features