HTTPS communication

harangzsolt33 has asked for the wisdom of the Perl Monks concerning the following question:

I have never had a website that had any sort of security layer, and I am not sure how to set it up, how to pay for it, or how to incoroprate it with Perl. For example, if I move my website from http to https, does that mean my perl scripts will continue to run just like before? I mean if I print something to stdout, does it automatically go through a security filter that encrypts it, or do I have to use some kind of Perl module to encrypt my script's output?

Also, when I am reading input from stdin (form submission), do I just read the values from STDIN, or am I required to use a perl module to decrypt whatever is being read?

Keywords: secure connection, authentication, server, encryption, insecure, vulnerable, expose data, password, issue SSL certificate

Comment on HTTPS communication

Replies are listed 'Best First'.
Re: HTTPS communication by LanX (Saint) on Nov 18, 2018 at 02:50 UTC
That's handled by the web server (canonically Apache) and is totally transparent for Perl-CGIs. (unless your Perl is involved in serving, which I doubt) Normal step is to create an SSL certificate for your domain and to make it accessible by the web server. You might also need to update your rewrite rules, most sites nowadays "redirect" all http to https to disallow non-encrypted traffic. The CGI won't notice any of this, neither in- nor output is different, except of course some HTTP-headers/ENV-Vars which have to be explicit about the URL. Cheers Rolf _{(addicted to the Perl Programming Language :) Wikisyntax for the Monastery FootballPerl is like chess, only without the dice}	[reply]
Re^2: HTTPS communication by harangzsolt33 (Deacon) on Nov 18, 2018 at 03:02 UTC
Okay, thank you very much for your quick reply!!! So, and just to clarify things, if I ever use the URL to transfer data between the server and client, for example: https://www.mywebsite.com/hitcounter.pl?visits=314&screen_res=1024x768&browser=Chrome&os=Win10&r=49638251 JavaScript requesting this image url, to count page hits, then that information in the URL will be visible to ALL others even though other data (content) is encrypted. Right?	[reply]
Re^3: HTTPS communication by NetWallah (Canon) on Nov 18, 2018 at 06:51 UTC
The URL and parameters over the wire will be encrypted when using HTTPS. However there are issues. See: https://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/ (Old, but still relevant). Memory fault -- brain fried	[reply]
Re^3: HTTPS communication by LanX (Saint) on Nov 18, 2018 at 03:04 UTC
what? Cheers Rolf _{(addicted to the Perl Programming Language :) Wikisyntax for the Monastery FootballPerl is like chess, only without the dice} PS: good night! :)	[reply]
Re^4: HTTPS communication by harangzsolt33 (Deacon) on Nov 18, 2018 at 03:07 UTC
Re: HTTPS communication by davidmcm (Initiate) on Sep 25, 2019 at 15:46 UTC
I get this warning when I run some of my Perl code: The information you have entered on this page will be sent over an insecure connection and could be read by a third party. I need a baby-steps tutorial on how to fix this problem. Sounds like it involves an SSL certificate. -- David https://www.prismnet.com/~hcexres	[reply]
Re^2: HTTPS communication by Corion (Patriarch) on Sep 25, 2019 at 17:30 UTC
This has basically nothing to do with your Perl code. It is mainly an issue of configuring your web server properly so that it uses the appropriate SSL certificate. I think that https://letsencrypt.org/ most likely provides information on how to configure your (unstated) web server. Otherwise, maybe there are paid options from your hosting provider.	[reply]