Jump to content
sylvest

How Do I Force Use Of Https For My Login Page?

Recommended Posts

I'm designing a new section of my web site, which is in a subdomain like sub.maindomain.org (actually the pages are in a suibdirectory like /home/username/sub). I need to force users who access the login page which is /index.php to connect via HTTPS so that the username and password are encrypted, and can't be snooped by a man in the middle. I may find a few more web pages that need to be accessed via HTTPS too. How do I organise this? In doing so, how do I avoid those annoying "your certificate has not been validated" messages?

 

Thanks - Rowan

Share this post


Link to post
Share on other sites

If you need secure urls used then you will need to have a valid SSL cert installed on the domain, otherwise you can use shared secure urls of your server. The syntax for shared secure urls will be https://servername/~cpanelusername. If you can open a helpdesk ticket with primary domain name of your hosting account, we can provide you with exact shared secure url and discuss further on this.

Share this post


Link to post
Share on other sites

I submitted a ticket, but the help desk said that some of my questions were outside of their scope. The remaining questions are:

  1. Can I use a shared secure URL to access a subdomain on my site, i.e. the web pages I'm developing are in swchoir.sylvesterbradley.org, the files that this subdomain refers to are in /home/sylvest/swchoir (i.e. not within public_html).
  2. I have a login page on my website called index.php. Presumably I don't need to encrypt this since it contains no confidential information. I need to encrypt the response to this, which is a URL like swchoir.sylvesterbradley.org/do_login.php. Can I get this encrypted by simply setting my form action property to "https://swchoir.sylvesterbradley.org/do_login.php".
  3. Do I have to do anything else to enable the encryption, or does the use of the https protocol enable all the necessary encryption on the client and decryption on the server?
  4. How do I prevent people from accessing this page by using the URL http://swchoir.sylvesterbradley.org/do_login.php?
  5. Does it matter whether I use method GET or POST for the login form?

Thanks for your help.

 

Rowan

Share this post


Link to post
Share on other sites

Copied to Scripting Central -> Scripting Talk.

 

Why does Paste not work in this forum? What is the point of having a Paste button if it doesn't do anything?

 

Rowan

Share this post


Link to post
Share on other sites

Why does Paste not work in this forum? What is the point of having a Paste button if it doesn't do anything?

 

Standard copy (CTRL-C) and paste (CTRL-V) commands work.

Share this post


Link to post
Share on other sites

Not for me they don't. If I select some text from the message, press CTRL/C, move the cursor and press CTRL/V, nothing happens. If I select some text from a Notepad document, press CTRL/C, and move to the forum message and press CTRL/V, nothing happens. If I press the Paste button, it asks me " Do you want to allow access to your clipboard?". If I press Allow Access, it does nothing. If I click the Paste button again, this time it does not ask me the above question (I have not discovered what resets it so that it asks this question again).

 

Could this be a browser issue? I'm currently using IE11, but I think the same happens in Firefox and Chrome. Or could it be a firewall issue?

 

Am I the only person having this problem???

 

Thanks - Rowan

Share this post


Link to post
Share on other sites

See if the info on this page might help: superuser.com/questions/476210/disable-do-you-want-to-allow-this-webpage-to-access-your-clipboard-message

Share this post


Link to post
Share on other sites

Thomas,

 

Thanks for your reply.

 

Yes, that is the dialogue box that I'm getting. But this doesn't explain why if I click Allow, it still doesn't paste anything into the forum message. I don't suppose setting it to default to Allow for trusted sites, and setting forums.totalchoicehosting.com as a trusted site, will make any difference to this behaviour.

 

Rowan

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...