• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 492
  • Last Modified:

Do I need secure socket layer for second php processing page that user does not visit?

My PHP form page has in it a FLEX (flash movie) form to collect user input. The FLEX actionscript sends the user input through $_POST to a second PHP/FLEX page to process and insert into the database. The user does not leave the form PHP/FLEX page, just the users info does.

I am going to make the form PHP/FLEX page into an ssl by giving it the https address and certificate.

But what about the second PHP/FLEX page that does the processing and inputs into the database. Must that page also have an https address and certificate even though the users web browser does not actually go there?

I am concerned an attacker could bypass the form PHP/FLEX page to get to the second PHP/FLEX page.

Also, should that second PHP/FLEX page be included in the session. So if a user $_SESSION variable is not set, send an error back to the form PHP/FLEX page to redirect the user else where? Thanks.
1 Solution
Dave BaldwinFixer of ProblemsCommented:
The SSL certificate is used to encrypt the Connection, not the page, to prevent snooping and picking up personal on the network between your client and your server.  Users want to see that both pages involved are secured by 'https' because they don't understand this either.  They don't like to enter private info on pages that don't have the 'https' or the symbol.

On the second page, you should do some serious checking of the data you receive because spammers and hackers will exactly what you're thinking and bypass the first page if they can.

If you are using PHP sessions, all the pages involved should be included in the session.  If not then you can't use $_SESSION variables on the pages.
kadinAuthor Commented:
Thanks for your help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now