Alex108 Posted February 7, 2011 Share Posted February 7, 2011 I have never worked with SSL certificates before, so i wanted to ask some questions about SSL.There is a website, let's call it A that gives a particular paid service to a group of websites (group . When a registered user from any of websites B wants to use A he have to send to A some information includes user name and password. To owner of a B group convenient to use the same usernames and passwords for all these services. The one who can take possession of these data will be able to use sites A and B as well which is unacceptable. The question is: is the SSL could be a good solution for this situation? And do we can use the same usernames and passwords for A and B or it is better to use different usernames and passwords anyway? And is it correct that the owner of these websites needs to buy a SSL certificate for website A only. Link to comment Share on other sites More sharing options...
justsomeguy Posted February 7, 2011 Share Posted February 7, 2011 Those are two different issues. SSL encrypts traffic, it doesn't deal with usernames or passwords in any way. A site served over SSL has its traffic encrypted so that other people trying to spy on the traffic can't read the data. A normal SSL certificate will only secure a single domain, such as www.google.com but not google.com. A wildcard certificate can secure any subdomain, like *.google.com. I'm not aware of certificates which let you secure multiple domains, usually individual certificates are required. Link to comment Share on other sites More sharing options...
Alex108 Posted February 7, 2011 Author Share Posted February 7, 2011 Those are two different issues. SSL encrypts traffic, it doesn't deal with usernames or passwords in any way. A site served over SSL has its traffic encrypted so that other people trying to spy on the traffic can't read the data. A normal SSL certificate will only secure a single domain, such as www.google.com but not google.com. A wildcard certificate can secure any subdomain, like *.google.com. I'm not aware of certificates which let you secure multiple domains, usually individual certificates are required.All these websites have different domain names. Does it mean that SSL encrypts data which is coming from A to sites B only or it is also encrypts data that is coming from group B to A? Link to comment Share on other sites More sharing options...
justsomeguy Posted February 7, 2011 Share Posted February 7, 2011 It only encrypts traffic between the user's browser and whatever site they are viewing, as long as that site has a certificate installed and they access it over HTTPS. Link to comment Share on other sites More sharing options...
Alex108 Posted February 7, 2011 Author Share Posted February 7, 2011 It only encrypts traffic between the user's browser and whatever site they are viewing, as long as that site has a certificate installed and they access it over HTTPS. But if i understand you correctly it is a positive answer. Different users can have encrypted traffic with one site using HTTPS. I mentioned passwords only to show why encryption is important. Link to comment Share on other sites More sharing options...
justsomeguy Posted February 7, 2011 Share Posted February 7, 2011 That's correct, when you install the certificate for the domain, you can have as many people as you want access the domain over HTTPS to have their traffic encrypted. Link to comment Share on other sites More sharing options...
Alex108 Posted February 8, 2011 Author Share Posted February 8, 2011 Thank you!Now, for example i have a website http://www.IhaveSSL.com with SSL certificate and i want to sent data to this site. Without SSL i can just create a form <form action="http://www.IhaveSSL.com/read_message.php" method="post"> etc.But if now it works with SSL how it affects a code? There must first be a secure connection established. Link to comment Share on other sites More sharing options...
Greywacke Posted February 8, 2011 Share Posted February 8, 2011 as far as i am aware, what you need to do is emulate a client form submittal to the domain - then send it via ssl to the domain you mentioned. that would mean that domain would have to have the ssl certificate installed correctly. Link to comment Share on other sites More sharing options...
Alex108 Posted February 8, 2011 Author Share Posted February 8, 2011 Does it mean that i'll use the same form, but with https instead of http in URL:<form action="https://www.IhaveSSL.com/read_message.php" method="post">? Link to comment Share on other sites More sharing options...
justsomeguy Posted February 8, 2011 Share Posted February 8, 2011 If all you're doing is submitting a form, then yeah you just need to change the scheme to https. Link to comment Share on other sites More sharing options...
Alex108 Posted February 8, 2011 Author Share Posted February 8, 2011 If all you're doing is submitting a form, then yeah you just need to change the scheme to https.Thank you very much! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.