ScriptCase and https connections


  • ScriptCase and https connections

    I have been looking through the reference, webinars and such but have not come across an example of, say, a SC application reading a username and password securely or a macro that changes to and from a secure connection. How is this done? I am grateful for any pointers and especially examples.

    S.

  • #2
    It's the same way under HTTPS and HTTP. You don't have to do anything special; HTTPS itself ensures protection. Just enable your SSL.
    /Giuseppe

    Professional Scriptcase Services
    Some Customers opinions



    • #3
      ... but the only SC macro that is concerned with SSL, sc_site+ssl, only works under IIS.
      I was wondering if SC had anything native I could use instead of just getting into the raw PHP.
      Any examples would be appreciated.

      S.



      • #4
        Originally posted by Sean H.
        ... but the only SC macro that is concerned with SSL, sc_site+ssl, only works under IIS.
        I was wondering if SC had anything native I could use instead of just getting into the raw PHP.
        Any examples would be appreciated.

        S.
        I don't think a macro is needed.
        PHP Code:
        if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') {
            // no SSL request
        }

        /Giuseppe

        Professional Scriptcase Services
        Some Customers opinions



        • #5
          Originally posted by Giu
          I don't think a macro is needed.
          PHP Code:
          if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') {
              // no SSL request
          }

          There is nothing special about running under https. We have several applications running under it and no issues at all. AFAIK the Scriptcase macros are to detect if the application is running under https, but why should you bother? After all, you're installing it under https, so as long as the certificates are valid there's no need to do checks in your software.
          Albert Drent
          aducom software netherlands
          scriptcase partner, reseller, support and (turn-key) development
          www.scriptcase.eu / www.scriptcase.nl



          • #6
            I basically force all http traffic to https on the server hosting the app and I think that's safest. Problem is my /_lib URL which returns a blank page with https.

            How do you handle this?

            Also it's obviously safer to use htaccess to prevent casual access to /_lib by unknown IP addresses but is it possible to rename _lib entirely in production SC so it's far more difficult for a hacker familiar with SC architecture?



            • #7
              Originally posted by scriptcaser
              I basically force all http traffic to https on the server hosting the app and I think that's safest. Problem is my /_lib URL which returns a blank page with https.

              How do you handle this?

              Also it's obviously safer to use htaccess to prevent casual access to /_lib by unknown IP addresses but is it possible to rename _lib entirely in production SC so it's far more difficult for a hacker familiar with SC architecture?
              You mean that you can't connect to the setup? Just enter the full url manually.
              Albert Drent
              aducom software netherlands
              scriptcase partner, reseller, support and (turn-key) development
              www.scriptcase.eu / www.scriptcase.nl



              • #8
                Originally posted by scriptcaser
                I basically force all http traffic to https on the server hosting the app and I think that's safest. Problem is my /_lib URL which returns a blank page with https.

                How do you handle this?

                Also it's obviously safer to use htaccess to prevent casual access to /_lib by unknown IP addresses but is it possible to rename _lib entirely in production SC so it's far more difficult for a hacker familiar with SC architecture?
                I haven't tried with https, but if your problem is that when you access /_lib you end up on a blank page at /_lib/prod/lib/php/?login, just try adding index.php before the '?', like this: /_lib/prod/lib/php/index.php?login
                This fails outside of SSL too.
                /Giuseppe

                Professional Scriptcase Services
                Some Customers opinions



                • #9
                  You are both right: the direct URL works and it's not protected by SSL. But is this a good practice? How are you securing your _lib in a production environment over the 'net?



                  • #10
                    No, you can also use https for this screen. In fact, if you are running under apache you have a https directory for your site and you can only run this under https.
                    Albert Drent
                    aducom software netherlands
                    scriptcase partner, reseller, support and (turn-key) development
                    www.scriptcase.eu / www.scriptcase.nl



                    • #11
                      This is what I used:

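                      // Redirect to the HTTPS version of the current URL if the request came in over plain HTTP.
                      function use_https()
                      {
                          // Some servers (e.g. IIS) set HTTPS to 'off' rather than leaving it unset.
                          if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
                              header('Location: https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
                              exit; // stop here so the page is not also rendered over HTTP
                          }
                      }

                      // Redirect to the plain-HTTP version of the current URL if the request came in over HTTPS.
                      function use_http()
                      {
                          if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
                              header('Location: http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
                              exit; // stop here so the page is not also rendered over HTTPS
                          }
                      }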


                      Thanks for your feedback.
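
An added example, not part of the original thread or of Scriptcase: a variant of the redirect check from post #11 that decides from a `$_SERVER`-style array whether a request needs redirecting, treats `HTTPS=off` as plain HTTP, and builds the target from a configured host name. The names `https_redirect_target` and `enforce_https`, the host `app.example.test` and the sample requests are assumptions made up for illustration; the `X-Forwarded-Proto` branch assumes a TLS-terminating proxy you control.

```php
<?php
// Added example; function names, host name and sample requests are constructed.

// Return the https:// URL to redirect to, or null if the request is already secure.
// Set $trustProxy only when a TLS-terminating proxy you control sets
// X-Forwarded-Proto; otherwise a client could send that header itself.
function https_redirect_target(array $server, string $canonicalHost, bool $trustProxy = false): ?string
{
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    $secure = ($https !== '' && $https !== 'off');   // IIS reports 'off' instead of unsetting
    if (!$secure && $trustProxy) {
        $secure = strtolower((string)($server['HTTP_X_FORWARDED_PROTO'] ?? '')) === 'https';
    }
    if ($secure) {
        return null;
    }
    // Use a configured host name rather than anything taken from the request,
    // and keep only a request path that starts with '/' and has no line breaks.
    $uri = (string)($server['REQUEST_URI'] ?? '/');
    if ($uri === '' || $uri[0] !== '/' || strpbrk($uri, "\r\n") !== false) {
        $uri = '/';
    }
    return 'https://' . $canonicalHost . $uri;
}

function enforce_https(string $canonicalHost, bool $trustProxy = false): void
{
    $target = https_redirect_target($_SERVER, $canonicalHost, $trustProxy);
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;   // without this the page body is still produced over HTTP
    }
    // Tell browsers to use HTTPS for this host from now on (HSTS).
    header('Strict-Transport-Security: max-age=31536000');
}

// Constructed sample requests, evaluated without sending any headers.
$samples = [
    'plain http'    => ['REQUEST_URI' => '/app/login.php?x=1'],
    'IIS style off' => ['HTTPS' => 'off', 'REQUEST_URI' => '/app/'],
    'already https' => ['HTTPS' => 'on', 'REQUEST_URI' => '/app/'],
    'behind proxy'  => ['HTTP_X_FORWARDED_PROTO' => 'https', 'REQUEST_URI' => '/app/'],
];
foreach ($samples as $label => $server) {
    $target = https_redirect_target($server, 'app.example.test', $label === 'behind proxy');
    printf("%-14s => %s\n", $label, $target ?? '(no redirect)');
}
```

In an application, `enforce_https()` has to run before any output is sent, since `header()` cannot add headers once the response body has started.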

