View Full Version : Sessions, Data, SSL and Forms

11-04-2010, 10:22 PM
I have a form located in a folder, inside SSL. Once completed the form saves all data to a mysql database, all handled while never leaving SSL. I am assuming this process is secure. This form/process is called by link from the main page, which is not in SSL.

Once stored in the database, is it safe to retrieve any data from this database when not inside SSL? If so, I usually store said data in a session (using $_SESSION) - am I safe to assume the data is safe, even if not inside SSL?

I read somewhere that forms and the data posted by forms need to be protected, but data stored in $_SESSION does not need SSL, and I just wanted to clarify. Thanks.

11-04-2010, 10:27 PM
SSL is the connection between the server and the client machine. Nothing more. Whatever happens either serverside or clientside is irrelevant. The layer is literally a tunnel between the server/client, protecting any data transmitted between the two and nothing more. SSL isn't any form of file, directory, session or other protection.