The information between the application and database. Is it safe?
Yep, if you use https there should be no problem. Scriptcase if deployed is nothing more than a database with php and a webserver so it is just like any other webserver.
You should always be aware of network sniffers but that goes for all traffic.
Under https the parameters for http post and http get are always encrypted with ssl so that should work fine.
Yes, you need to be very aware in a situation like you are describing in your title.
Webserver to Database Security Concerns
Communications between the webserver app (Apache) and the database, if they are on different machines, are vulnerable.
In our case, our Apache servers and our SQL servers have a dedicated non-public connection; the SQL servers are not exposed to the internet at all.
As an alternative, if both servers are exposed, you can easily set up an SSH tunnel between the two servers. Google "SSH Tunneling" for a more in-depth discussion.
Browser to Webserver Security Concerns
You should always use https rather than http if you have a website where users log in.
Using the ScriptCase Security Module without https means that your password is sent in the clear over the internet from your browser to the web site.
You can configure Apache to automatically force a change from http to https. Google "HTTP Strict Transport Security" for more information about this.
Test your Website for Vulnerabilities
And finally, as Kafecadm mentioned above, you should always test your SSL-enabled site for vulnerabilities using a test suite. We use SSL Labs' free service.
You can see an example of the results of testing an improperly configured SSL website here: test ScriptCase.net
A properly configured SSL on a ScriptCase developed website returns results like this: test sahod.ph
So in summary, enabling SSL properly is much more than installing a certificate.
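As an added illustration of the Apache setup mentioned in the post above (not part of the original thread and not ScriptCase's own configuration), this sketch redirects plain http to https and sends the HSTS header. The hostname, document root and certificate paths are placeholders, and it assumes mod_ssl and mod_headers are loaded.

```apache
# Added example. www.example.com, the DocumentRoot and the certificate
# paths are placeholders; adjust them to the real deployment.

# Port 80: serve no application content, only send every request
# to the HTTPS site with a permanent (301) redirect.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

# Port 443: the deployed application is served only from here.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/scriptcase_app

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key

    # Allow only TLS 1.2 and 1.3 (TLSv1.3 needs Apache 2.4.37 or later
    # built against OpenSSL 1.1.1 or later; drop it on older builds).
    SSLProtocol -all +TLSv1.2 +TLSv1.3

    # HSTS: a browser that has received this header over HTTPS will use
    # HTTPS for this host for max-age seconds (here one year), even if
    # the user types or follows an http:// link.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

Run `apachectl configtest` before reloading, then re-run the SSL test suite against the site to confirm the result.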
Thanks for your help.
I am asking whether I will have to install a certificate in my application, or whether I can do it with ScriptCase?
However, I will release everything that you give me. However, I will make everything that you describe to me.
A certificate is needed for the webserver. Well, it isn't needed if you run without a certificate but any decent website uses https and a certificate nowadays.
On that webserver you can run whatever scriptcase deployment you have.
For testing you can get a free certificate from https://www.startssl.com/ (1 year valid) or from https://www.comodo.com/e-commerce/ss...ertificate.php (90 days valid)
or other sites (rapidssl.com and so on).