Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
Thread: Sessions, Data, SSL and Forms
11-04-2010, 10:22 PM #1
- Join Date
- Oct 2010
- Thanked 0 Times in 0 Posts
Sessions, Data, SSL and Forms
I have a form located in a folder, inside SSL. Once completed the form saves all data to a mysql database, all handled while never leaving SSL. I am assuming this process is secure. This form/process is called by link from the main page, which is not in SSL.
Once stored in the database, is it safe to retrieve any data from this database when not inside SSL? If so, I usually store said data in a session (using $_SESSION) - am I safe to assume the data is safe, even if not inside SSL?
I read somewhere that forms and the data posted by forms need to be protected, but data stored in $_SESSION does not need SSL, and I just wanted to clarify. Thanks.
11-04-2010, 10:27 PM #2
- Join Date
- Jul 2009
- South Yorkshire, England
- Thanked 304 Times in 303 Posts
SSL is the connection between the server and the client machine. Nothing more. Whatever happens either serverside or clientside is irrelevant. The layer is literally a tunnel between the server/client, protecting any data transmitted between the two and nothing more. SSL isn't any form of file, directory, session or other protection.