Do I need secure socket layer for second php processing page that user does not visit?

Posted on 2012-09-13
Last Modified: 2012-09-14
My PHP form page has in it a FLEX (flash movie) form to collect user input. The FLEX actionscript sends the user input through $_POST to a second PHP/FLEX page to process and insert into the database. The user does not leave the form PHP/FLEX page, just the user's info does.

I am going to make the form PHP/FLEX page into an ssl by giving it the https address and certificate.

But what about the second PHP/FLEX page that does the processing and inputs into the database? Must that page also have an https address and certificate even though the user's web browser does not actually go there?

I am concerned an attacker could bypass the form PHP/FLEX page to get to the second PHP/FLEX page.

Also, should that second PHP/FLEX page be included in the session? So if a user $_SESSION variable is not set, send an error back to the form PHP/FLEX page to redirect the user elsewhere? Thanks.
Question by:kadin

    Accepted Solution

    The SSL certificate is used to encrypt the connection, not the page, to prevent snooping and picking up personal information on the network between your client and your server.  Users want to see that both pages involved are secured by 'https' because they don't understand this either.  They don't like to enter private info on pages that don't have the 'https' or the symbol.

    On the second page, you should do some serious checking of the data you receive because spammers and hackers will do exactly what you're thinking and bypass the first page if they can.

    If you are using PHP sessions, all the pages involved should be included in the session.  If not, then you can't use $_SESSION variables on the pages.
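
One way the second (processing) page could apply the checks discussed above, as an added example that is not part of the original thread. The function name `handle_submission`, the field names, the `form_token` session key and the `entries` table are assumptions made for illustration.

```php
<?php
// Added example; field names, `form_token` and the `entries` table are assumptions.
function handle_submission(array $server, array $session, array $post, PDO $db): array
{
    // 1. Same transport rule as the form page: refuse plain HTTP.
    if (empty($server['HTTPS']) || $server['HTTPS'] === 'off') {
        return [403, 'HTTPS required'];
    }
    // 2. Accept only the POST that the Flex form sends.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [405, 'POST only'];
    }
    // 3. This page takes part in the session: no logged-in user, no processing.
    if (empty($session['user_id'])) {
        return [401, 'Not logged in'];
    }
    // 4. Token the form page stored in the session (assumption); a request
    //    that skipped the form page cannot supply a matching value.
    $token = $post['form_token'] ?? '';
    if (!is_string($token) || empty($session['form_token'])
        || !hash_equals($session['form_token'], $token)) {
        return [403, 'Bad form token'];
    }
    // 5. Validate every field server-side, whatever the Flex form checked.
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $name  = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    if ($email === false || $name === '' || strlen($name) > 100) {
        return [422, 'Invalid input'];
    }
    // 6. Prepared statement: user data never becomes part of the SQL text.
    $stmt = $db->prepare('INSERT INTO entries (user_id, name, email) VALUES (?, ?, ?)');
    $stmt->execute([$session['user_id'], $name, $email]);
    return [200, 'Saved'];
}

// Constructed demo data: in-memory SQLite (needs pdo_sqlite), made-up request.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (user_id INTEGER, name TEXT, email TEXT)');
$server  = ['HTTPS' => 'on', 'REQUEST_METHOD' => 'POST'];
$session = ['user_id' => 7, 'form_token' => bin2hex(random_bytes(16))];
$good    = ['form_token' => $session['form_token'], 'name' => 'Ann', 'email' => 'ann@example.com'];

// Cases: sent via the form page, no session at all, form page bypassed (no token).
foreach ([[$session, $good], [[], $good], [$session, ['name' => 'x']]] as [$s, $p]) {
    [$code, $msg] = handle_submission($server, $s, $p, $db);
    echo "$code $msg\n";
}
```

On the real page the call would follow `session_start()` and receive `$_SERVER`, `$_SESSION` and `$_POST`, with the returned status sent back to the Flex form.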

    Author Closing Comment

    Thanks for your help.
