[thelist] Testing for secure connection in PHP
Maximillian Schwanekamp
anaxamaxan at neptunewebworks.com
Sat Apr 17 12:00:27 CDT 2004
Yeah, you're right. Learn something new! But to vainly attempt to save
face, a snip from the SSL spec[1]:
The IANA reserved the following Internet
Protocol [IP] port numbers for use in conjunction with SSL.
443 Reserved for use by Hypertext Transfer Protocol with
SSL (https).
465 Reserved (pending) for use by Simple Mail Transfer Protocol
with SSL (ssmtp).
The spec doesn't say an SSL connection must be on 443, only that port 443
should be reserved for SSL. Browsers connect via port 443 by default on
HTTPS. The browser would need to make a direct request (via link or typed
in) to connect via anything other than port 443. A proper ecommerce setup
would block such a request unless it was intentional. Ah well, I too was
mislead by the php manual that port detection was the only way, as there is
no mention of $_SERVER['HTTPS'] in the manual. I'm glad to be corrected.
[1] http://wp.netscape.com/eng/ssl3/
Maximillian Von Schwanekamp
Dynamic Websites and E-Commerce
NeptuneWebworks.com
voice: 541-302-1438
fax: 208-730-6504
More information about the thelist
mailing list