-1

Question: Customer's of few web projects from scratch (which already completed and launched) want to use HTTPS. Server side guys will install SSL Cert.

Apart from the redirection from HTTP, Do the programmer need to do any changes in programming or forms or database?

Do the programmer need to use any type of data encryption or any parameters during the form submit while using https?

Type of projects migrating from http to https

  • eCommerce
  • Vehicle Rental Management

Project Specs

  • Responsive
  • PHP, HTML, CSS
  • MySQL
  • Jquery
  • PayPal

References find in SO

https://stackoverflow.com/questions/16200501/http-to-https-apache-redirection

https://stackoverflow.com/questions/2559620/conversion-http-to-https

https://stackoverflow.com/questions/10489895/http-to-https-through-htaccess

But from the above never find an answer to my question.

Community
  • 1
  • 1
J.K
  • 1,382
  • 1
  • 11
  • 27
  • 4
    Based on the information you've provided, there's absolutely no way to know. If you have configuration of URL's in the database or in configuration files, then maybe? Perhaps you need changes to web server (Apache/IIS/nginx) configuration files too? Based on the information provided it's just not possible to give an accurate answer. – naththedeveloper Apr 10 '17 at 06:47
  • @naththedeveloper Do the programmer need to use any type of data encryption or any parameters during the form submit while using https? – J.K Apr 10 '17 at 08:05

1 Answers1

1

What you need to change in the webpages:

  • Scripts (js) and Iframes must be loaded directly from https (whitout redirect): scripts uri must be relative or start with "https://". If not, scripts and iframes will not load

  • Forms must have an https target to avoid security confirmation

  • Images and css must be loaded directly from https to avoid loosing the https indicator

More information: https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content

See also: HSTS, CSP upgrade-insecure-requests

Do the programmer need to use any type of data encryption or any parameters during the form submit while using https?

HTTPS takes care of everything. It encrypt urls (Note: the domain name is not encrypted), POST and GET data. (It's a best practice to avoid sending confidential data using GET, because they may be logged in various unsecure places)

The best for a migration is to migrate all webpages. Having to maintain http=>https redirects for some and https=>http redirect is complicated, error prone and insecure.

Tom
  • 4,666
  • 2
  • 29
  • 48
  • 1
    Very Informative; Im not familiar with HSTS, CSP... However I'll find and learn about those. Thanks – J.K Apr 11 '17 at 03:38