Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    Oct 2010
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Sessions, Data, SSL and Forms

    I have a form located in a folder, inside SSL. Once completed the form saves all data to a mysql database, all handled while never leaving SSL. I am assuming this process is secure. This form/process is called by link from the main page, which is not in SSL.

    Once stored in the database, is it safe to retrieve any data from this database when not inside SSL? If so, I usually store said data in a session (using $_SESSION) - am I safe to assume the data is safe, even if not inside SSL?

    I read somewhere that forms and the data posted by forms need to be protected, but data stored in $_SESSION does not need SSL, and I just wanted to clarify. Thanks.

  • #2
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    SSL is the connection between the server and the client machine. Nothing more. Whatever happens either serverside or clientside is irrelevant. The layer is literally a tunnel between the server/client, protecting any data transmitted between the two and nothing more. SSL isn't any form of file, directory, session or other protection.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •