php/drupal 网站中的 SSL
在我正在创建的网站之一中,要求使用 ssl。但我对此一无所知。我知道 ssl 用于安全站点。但开发过程中会有什么不同,我应该从哪里开始呢? 我看到了这个 http://php.net/manual/en/book.openssl.php 和这个http://www.openssl.org/ 那么是否可以在不购买带有 open ssl 的 ssl 的情况下执行此操作?
我猜你是这样检测的......
if (isset($_SERVER['HTTPS']) )
{
echo "SECURE: This page is being accessed through a secure connection.<br><br>";
}
else
{
echo "UNSECURE: This page is being access through an unsecure connection.<br><br>";
}
请告诉我从哪里开始以及我需要知道的基础知识。
In One of the website am creating there is a requirement to use ssl. But i have no idea about this whatsoever. I know ssl is for secure sites. But what difference will be there in development and where do i get started?
I saw this
http://php.net/manual/en/book.openssl.php
and this http://www.openssl.org/
so it possible to do this without buying an ssl with open ssl?
I guess this how u detect....
if (isset($_SERVER['HTTPS']) )
{
echo "SECURE: This page is being accessed through a secure connection.<br><br>";
}
else
{
echo "UNSECURE: This page is being access through an unsecure connection.<br><br>";
}
Please tell me where to get started and the basics i need to know.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
SSL 通常由 Web 服务器协商。您需要安装一个证书,Web 服务器将使用该证书在调用 PHP 之前与每个客户端协商安全连接。是的,您需要付费购买官方验证的证书。通常,您可以通过托管提供商轻松完成这一切。如果您需要有关自行安装证书的更多帮助,请尝试 http://serverfault.com。
理想情况下,这对于您的发展来说毫无意义。如果您的网站没有做出任何在安全或不安全连接上运行的假设,那么无论哪种方式它都应该运行良好,因为网络服务器正在为您处理详细信息。如果您自己生成完整链接(包括架构
http://),则必须小心。如果您要设置任何 cookie,您应该检查它们是否具有secure标志以及这对您的系统意味着什么。OpenSSL 扩展与此上下文中的任何内容都没有太大关系。
SSL is usually negotiated by the web server. You need to install a certificate that the web server will use to negotiate a secure connection with each client, before PHP is even invoked. And yes, you will need to pay for an officially validated certificate. Usually you can do all this very easily through your hosting provider. If you need more help on installing a certificate yourself, try http://serverfault.com.
Ideally, for your development this means nothing at all. If your website doesn't make any presumptions to be running on a secured or unsecured connection, it should run fine either way, since the web server is handling the details for you. If you are generating full links yourself (including the schema,
http://), you must be careful there. If you're setting any cookies, you should check whether these have thesecureflag or not and what that means for your system.The OpenSSL extension doesn't have much to do with any of this in this context.
如果您的网站有一些安全页面和一些不安全页面,也会产生影响。有一个名为“securepages”的模块,可以让大部分工作变得非常简单。当然,你还是要像上面提到的那样设置证书。
It also makes a difference if your site has some secure pages and some insecure ones. There is a module called "securepages" that makes most of that really easy. Of course, you still have to set up the certificate as the people mentioned above.