HTTPS and CGI

hotshot has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: HTTP and CGI by Joost (Canon) on Jun 03, 2003 at 09:54 UTC
For ordinary use of CGI (and CGI), the difference betweeen HTTP or HTTPS is not noticable. HTTPS is mostly just a wrapper that sends ordinary HTTP requests over a secure socket, so the encryption and authentication happen on a lower level than the HTTP protocol. `-- Joost` [download]	[reply] [d/l]
Re: HTTP and CGI by arthas (Hermit) on Jun 03, 2003 at 10:36 UTC
You need to change nothing at CGI level, the server will do all the encryption/decryption for you. Michele.	[reply]
Re: HTTP and CGI by vek (Prior) on Jun 03, 2003 at 14:53 UTC
As others have mentioned, you will not need to change your scripts. As a side note, you might find the OpenSSL site a handy reference for all things HTTPS though. -- vek --	[reply]
Re: HTTPS and CGI by freddo411 (Chaplain) on Jun 03, 2003 at 17:13 UTC
Hotshot, Existing working scripts will work without any changes. You may however wish to check in your script if the user is actually using an https connection. According to perldoc CGI: https() The same as http(), but operates on the HTTPS environment variables present when the SSL protocol is in effect. Can be used to determine whether SSL is turned on. I'd imagine (but haven't tested) you'd do something like: `if ($q->https('HTTP_USER_AGENT') { #yup they're secure } else { #nope they're not }` [download] ---- Nothing is too wonderful to be true -- Michael Faraday	[reply] [d/l]
Re: HTTPS and CGI by waswas-fng (Curate) on Jun 03, 2003 at 17:20 UTC
One thing you may want to check is that you have no fully qualified URLs in your CGI, if you do you will have to replace them with https://<newaddr> where needed. That is usually the only problem people face going from http to https. -Waswas	[reply]