|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
php-general Digest 25 Aug 2006 07:55:07 -0000 Issue 4312
php-general-digest-help
lists.php.net
Date: Fri Aug 25 2006 - 02:55:07 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
php-general Digest 25 Aug 2006 07:55:07 -0000 Issue 4312
Topics (messages 241090 through 241099):
ssl.
241090 by: Joćo Cāndido de Souza Neto
241091 by: Tim Traver
241092 by: Alex Turner
241093 by: Joćo Cāndido de Souza Neto
241094 by: Alex Turner
241095 by: Alex Turner
241097 by: Mourad Boulahboub
241099 by: Alex Turner
Re: How to deal with errors in forms
241096 by: Chris
Re: mouradmaroczone.de
241098 by: Mourad Boulahboub
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net
To post to the list, e-mail:
php-generallists.php.net
----------------------------------------------------------------------
attached mail follows:
Hy everyone.
Since we change our ssl key from 128kb to a 256kb i notice that something“s
going wrong.
In my e-commerce, part is secure and part isn“t. when i join into the secure
part of the site, everithing works fine. But, when the sale is finishes and
my script run header("Location: http://www.?????") to exit from the secure
part, the browser gives me a notice that some parts of the page i“ve been
led to a non-secure region and ask me if i realy want to do that (it never
had happened before). Thought i confirm by clicking in yes buttom, i doesn“t
goes away from https.
Now my question:
Has some difference between 128kb e 256kb ssl key?
There“s some way to fix it?
Thanks a lot in advance for any tips...
--
Joćo Cāndido de Souza Neto
Curitiba Online
joaocuritibaonline.com.br
(41) 3324-2294 (41) 9985-6894
http://www.curitibaonline.com.br
attached mail follows:
Joćo Cāndido de Souza Neto wrote:
> Hy everyone.
>
> Since we change our ssl key from 128kb to a 256kb i notice that something“s
> going wrong.
>
> In my e-commerce, part is secure and part isn“t. when i join into the secure
> part of the site, everithing works fine. But, when the sale is finishes and
> my script run header("Location: http://www.?????") to exit from the secure
> part, the browser gives me a notice that some parts of the page i“ve been
> led to a non-secure region and ask me if i realy want to do that (it never
> had happened before). Thought i confirm by clicking in yes buttom, i doesn“t
> goes away from https.
>
> Now my question:
>
> Has some difference between 128kb e 256kb ssl key?
> There“s some way to fix it?
>
> Thanks a lot in advance for any tips...
>
>
Joćo,
This shouldn't have anything to do with the certificate.
It most likely has to do with something being loaded on the exit page
that is not secure. For example, if there is a hard coded link to an
image, or an included javascript link to an outside source.
If anything on the page is not secure, then you will get that error.
Tim.
attached mail follows:
It would appear that the root of the page has not gone back to http. Is
it possible that this is a one of those cases when two things get
changed at once by accident?
I would suggest downloading the IE developer's tool bar (or the firefox
equivalent) and then when you get to the page you think should be http,
but is sticking on https, view the DOM. By carefully going through the
DOM there is a good chance that you will find that, for example, the PHP
you have redirected to http is indeed running in a frame or some such.
AJ
Joćo Cāndido de Souza Neto wrote:
> Hy everyone.
>
> Since we change our ssl key from 128kb to a 256kb i notice that something“s
> going wrong.
>
> In my e-commerce, part is secure and part isn“t. when i join into the secure
> part of the site, everithing works fine. But, when the sale is finishes and
> my script run header("Location: http://www.?????") to exit from the secure
> part, the browser gives me a notice that some parts of the page i“ve been
> led to a non-secure region and ask me if i realy want to do that (it never
> had happened before). Thought i confirm by clicking in yes buttom, i doesn“t
> goes away from https.
>
> Now my question:
>
> Has some difference between 128kb e 256kb ssl key?
> There“s some way to fix it?
>
> Thanks a lot in advance for any tips...
>
--
www.deployview.com
www.nerds-central.com
www.project-network.com
attached mail follows:
Nothing was changed at the code, just the ssl key was changed.
Why it was working fine with the old ssl key?
"Tim Traver" <tt-listsimplenet.com> escreveu na mensagem
news:44EE0FCB.8090403simplenet.com...
>
> Joćo Cāndido de Souza Neto wrote:
>> Hy everyone.
>>
>> Since we change our ssl key from 128kb to a 256kb i notice that
>> something“s going wrong.
>>
>> In my e-commerce, part is secure and part isn“t. when i join into the
>> secure part of the site, everithing works fine. But, when the sale is
>> finishes and my script run header("Location: http://www.?????") to exit
>> from the secure part, the browser gives me a notice that some parts of
>> the page i“ve been led to a non-secure region and ask me if i realy want
>> to do that (it never had happened before). Thought i confirm by clicking
>> in yes buttom, i doesn“t goes away from https.
>>
>> Now my question:
>>
>> Has some difference between 128kb e 256kb ssl key?
>> There“s some way to fix it?
>>
>> Thanks a lot in advance for any tips...
>>
>>
>
>
> Joćo,
>
> This shouldn't have anything to do with the certificate.
>
> It most likely has to do with something being loaded on the exit page that
> is not secure. For example, if there is a hard coded link to an image, or
> an included javascript link to an outside source.
>
> If anything on the page is not secure, then you will get that error.
>
> Tim.
attached mail follows:
Joćo,
Surely the issue is to find why it is not working now. Why it did work
in the past is only of interest if you want to stop the problem
re-occurring in the future. Thus, the correct approach is to find why
it is not working now, fix it and then see if you can work out what has
change between the past and now.
It is just possible that changing the key length has resulted in a
different connection encryption escalation process between the server
and the client. I am a little rusty on this :-( However, if that is
the case, I would suspect that what you are seeing is a bug that has
always been there but did not show up before. This might revolve around
which port is being used (as you can map both https and http to one port
if you use escalation - or at least I seem to remember that is possible
with TLS).
In summary, find out what is broken now and all will be clear. To find
out what is wrong now you should find out the exact structure of the
returned page.
Good luck
AJ
Joćo Cāndido de Souza Neto wrote:
> Nothing was changed at the code, just the ssl key was changed.
>
> Why it was working fine with the old ssl key?
>
> "Tim Traver" <tt-listsimplenet.com> escreveu na mensagem
> news:44EE0FCB.8090403simplenet.com...
>> Joćo Cāndido de Souza Neto wrote:
>>> Hy everyone.
>>>
>>> Since we change our ssl key from 128kb to a 256kb i notice that
>>> something“s going wrong.
>>>
>>> In my e-commerce, part is secure and part isn“t. when i join into the
>>> secure part of the site, everithing works fine. But, when the sale is
>>> finishes and my script run header("Location: http://www.?????") to exit
>>> from the secure part, the browser gives me a notice that some parts of
>>> the page i“ve been led to a non-secure region and ask me if i realy want
>>> to do that (it never had happened before). Thought i confirm by clicking
>>> in yes buttom, i doesn“t goes away from https.
>>>
>>> Now my question:
>>>
>>> Has some difference between 128kb e 256kb ssl key?
>>> There“s some way to fix it?
>>>
>>> Thanks a lot in advance for any tips...
>>>
>>>
>>
>> Joćo,
>>
>> This shouldn't have anything to do with the certificate.
>>
>> It most likely has to do with something being loaded on the exit page that
>> is not secure. For example, if there is a hard coded link to an image, or
>> an included javascript link to an outside source.
>>
>> If anything on the page is not secure, then you will get that error.
>>
>> Tim.
--
www.deployview.com
www.nerds-central.com
www.project-network.com
attached mail follows:
Joćo,
Please try and find out why it is not working now. Once you have that
worked out, it will be much easier to find out what has changed.
There are a few subtle methods by which changing the key length might
interact with PHP. However, in general, PHP is not involved with the
encryption of the socket. It will be near impossible to guess what
might have gone wrong. It will be much easier to work it out once you
know the structure of the page that is causing the trouble.
AJ
www.deployview.com
Joćo Cāndido de Souza Neto wrote:
> Nothing was changed at the code, just the ssl key was changed.
>
> Why it was working fine with the old ssl key?
>
> "Tim Traver" <tt-listsimplenet.com> escreveu na mensagem
> news:44EE0FCB.8090403simplenet.com...
>> Joćo Cāndido de Souza Neto wrote:
>>> Hy everyone.
>>>
>>> Since we change our ssl key from 128kb to a 256kb i notice that
>>> something“s going wrong.
>>>
>>> In my e-commerce, part is secure and part isn“t. when i join into the
>>> secure part of the site, everithing works fine. But, when the sale is
>>> finishes and my script run header("Location: http://www.?????") to exit
>>> from the secure part, the browser gives me a notice that some parts of
>>> the page i“ve been led to a non-secure region and ask me if i realy want
>>> to do that (it never had happened before). Thought i confirm by clicking
>>> in yes buttom, i doesn“t goes away from https.
>>>
>>> Now my question:
>>>
>>> Has some difference between 128kb e 256kb ssl key?
>>> There“s some way to fix it?
>>>
>>> Thanks a lot in advance for any tips...
>>>
>>>
>>
>> Joćo,
>>
>> This shouldn't have anything to do with the certificate.
>>
>> It most likely has to do with something being loaded on the exit page that
>> is not secure. For example, if there is a hard coded link to an image, or
>> an included javascript link to an outside source.
>>
>> If anything on the page is not secure, then you will get that error.
>>
>> Tim.
--
www.deployview.com
www.nerds-central.com
www.project-network.com
attached mail follows:
Hi JoĆ£o,
this is the standard alert message from internet explorer. Because you
go from https to http it get show up. This is no bug in your script or
either in the certificate. Try it by surfing to a secure website (not
yours) with https and then leave it by typining a non secured website
into the browser. You will get the same alert message from internet explorer
JoĆ£o CĆ¢ndido de Souza Neto schrieb am 24.08.2006 22:26:
> Hy everyone.
>
> Since we change our ssl key from 128kb to a 256kb i notice that somethingĀ“s
> going wrong.
>
> In my e-commerce, part is secure and part isnĀ“t. when i join into the secure
> part of the site, everithing works fine. But, when the sale is finishes and
> my script run header("Location: http://www.?????") to exit from the secure
> part, the browser gives me a notice that some parts of the page iĀ“ve been
> led to a non-secure region and ask me if i realy want to do that (it never
> had happened before). Thought i confirm by clicking in yes buttom, i doesnĀ“t
> goes away from https.
>
> Now my question:
>
> Has some difference between 128kb e 256kb ssl key?
> ThereĀ“s some way to fix it?
>
> Thanks a lot in advance for any tips...
>
attached mail follows:
Mourad,
I think that you might have misread the original post. The snag appears
not to be the leaving of a secure site. The snag is that root document
is secure but some of the embedded urls (images, frames, iframes etc)
are unsecured. Whilst this again is a standard warning, it is one that
should be avoided at all cost as it scares the stuff out of customers!
AJ
www.deployview.com
Mourad Boulahboub wrote:
> Hi JoĆ£o,
>
> this is the standard alert message from internet explorer. Because you
> go from https to http it get show up. This is no bug in your script or
> either in the certificate. Try it by surfing to a secure website (not
> yours) with https and then leave it by typining a non secured website
> into the browser. You will get the same alert message from internet explorer
>
> JoĆ£o CĆ¢ndido de Souza Neto schrieb am 24.08.2006 22:26:
>> Hy everyone.
>>
>> Since we change our ssl key from 128kb to a 256kb i notice that somethingĀ“s
>> going wrong.
>>
>> In my e-commerce, part is secure and part isnĀ“t. when i join into the secure
>> part of the site, everithing works fine. But, when the sale is finishes and
>> my script run header("Location: http://www.?????") to exit from the secure
>> part, the browser gives me a notice that some parts of the page iĀ“ve been
>> led to a non-secure region and ask me if i realy want to do that (it never
>> had happened before). Thought i confirm by clicking in yes buttom, i doesnĀ“t
>> goes away from https.
>>
>> Now my question:
>>
>> Has some difference between 128kb e 256kb ssl key?
>> ThereĀ“s some way to fix it?
>>
>> Thanks a lot in advance for any tips...
>>
--
www.deployview.com
www.nerds-central.com
www.project-network.com
attached mail follows:
Merlin wrote:
> Hi there,
>
> I do have a form where there is also a field with max 2000 characters
> the user can put in.
>
> Now before processing the data with php, I do a checkin the script for
> certain criterias if something lookes wrong I do redirect him to the
> original form with inserting the data he has entered. I do this via GET
> e.g.: ?title=test&body=blablub
>
> That works fine with one exception. If the user does enter 2000
> characters (or a lot c.) they do get transfered via URL as well and that
> is not possible. Firfox for example then simply displays a blank page!!!
> It would be fine if he would return with just a few less characters, but
> at least display the error message I am providing.
>
> Now, 2 questions:
> 1) Does anybody know why firefox is shoing a blank page? If the URL does
> contain less characters, lets say 100 everything works fine.
> 2) How could I possibly save his entry? Maybe with the help of a cookie?
> But then, I do redirect to the page. So I do send a header. As far as I
> know this only once possible?
> For example:
> setcookie('bla test');
> HEADER("Location:".$data[rurl]."?error=".$error.$parameter);
Definitely do this with sessions.
All browsers have a limit on the length of the url they can view
(internet explorer's is less than firefox, not sure where opera or
safari break but search your preferred search engine and you'll find the
answer).
--
Postgresql & php tutorials
http://www.designmagick.com/
attached mail follows:
sorry for that :(
Mourad Boulahboub schrieb am 24.08.2006 17:12:
> news.gmane.org
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]