What is a clean / easy way to keep your page safe?

Question

What is a clean / easy way to keep your page safe?

Suppose you have a form that collects and sends sensitive information, and you want to make sure that it is never accessible through insecure (non-HTTPS) means, how can you better use this policy?

+3

security ssl https forms

Teflon ted 10 Sep '08 at 18:50

source share

5 answers

Apache, RewriteRule .htaccess, :

RewriteCond %{HTTPS} "off"
RewriteRule /mypage.html https://example.com/mypage.html

+5

Justin Voss 10 . '08 18:54

: http://www.dotnetmonster.com/Uwe/Forum.aspx/asp-net/75369/Enforcing-https

: IIS, -.

+1

Vaibhav 10 . '08 18:52

IIS? " ". .

+1

Danimal 10 . '08 18:53

I would suggest looking at the request in the code that displays the form, and if it does not use SSL, output the redirect to the https URL.

You can also use the rewrite rule in Apache to redirect the user.

Or you could simply not serve the page via HTTP and store it only in the root directory of your HTTPS site document.

+1

pkaeding 10 Sep '08 at 18:55

source share

Eugene · Accepted Answer · 2008-09-11T00:54:28+0000

I think the most bulletproof solution is to save only the code inside your SSL document. This ensures that you (or another developer in the future) cannot accidentally associate yourself with an unprotected version of the form. If you have a form in both HTTP and HTTPS, you may not even notice that the incorrect one is used by accident.

, . URL- Apache , , - HTTP.

What is a clean / easy way to keep your page safe?

More articles: