[thelist] Testing for secure connection in PHP

Maximillian Schwanekamp anaxamaxan at neptunewebworks.com
Sat Apr 17 12:00:27 CDT 2004


Yeah, you're right.  Learn something new!  But to vainly attempt to save
face, a snip from the SSL spec[1]:
 The IANA reserved the following Internet
   Protocol [IP] port numbers for use in conjunction with SSL.

     443  Reserved for use by Hypertext Transfer Protocol with
          SSL (https).
     465  Reserved (pending) for use by Simple Mail Transfer Protocol
          with SSL (ssmtp).

The spec doesn't say an SSL connection must be on 443, only that port 443
should be reserved for SSL.  Browsers connect via port 443 by default on
HTTPS.  The browser would need to make a direct request (via link or typed
in) to connect via anything other than port 443.  A proper ecommerce setup
would block such a request unless it was intentional.  Ah well, I too was
mislead by the php manual that port detection was the only way, as there is
no mention of $_SERVER['HTTPS'] in the manual.  I'm glad to be corrected.

[1] http://wp.netscape.com/eng/ssl3/

Maximillian Von Schwanekamp
Dynamic Websites and E-Commerce
NeptuneWebworks.com
voice: 541-302-1438
fax: 208-730-6504




More information about the thelist mailing list