I wanted to checkout the MySQL database. I created a test one and when I went to the PHPMyAdmin, I saw that it was running on HTTP:
Is this normal? If I were to send PHP POST request would it all go through HTTP instead of HTTPS?
(I’ve SSL certificate for my website, though, if that information is important.)
Sorry for the dumb question and Happy New Year!
This is true. Websites are using SSL ( if SSL cert installed) but not databases
Do you happen to know if I can set up OpenSSL for the database?
Like, is that even an option for free accounts? If not, is there an alternative I could use to make sure the data gets from my website to the database in a secure matter?
The tutorials I keep finding seem to assume the people reading them have root access to the server.
Because all database transfers are done server-side, you really shouldn’t have to worry about your data being encrypted. And if you really care that much, you could use a reversible hashing method, such as base64 and then add a salt. https://www.mcafee.com/blogs/enterprise/cloud-security/what-is-a-salt-and-how-does-it-make-password-hashing-more-secure/
These tutorials you’re reading are very much not applicable to free hosting, please upgrade to premium if you really require these features.
Thank you as well for the reply.
It’s not about database transfers. I’ll be using the database for Contact Form submissions, since I can’t afford Email Server/SMTP forwarding at the moment, but I’m not sure how the data would be handled and I figured I’d ask if the database also has to be using HTTPS as well as my website having SSL enabled in order for everything to be OK.
P.S. Pardon my ignorance.
As long as you don’t give away any passwords or login information, the database you created is only accessible by you.
And as for SMTP, Gmail offers free SMTP as long as you have a mobile phone to generate an App Password for SMTP. To actually send the email from PHP, use PHPMailer. This GitHub repository from InfinityFree should guide you very clearly in creating a contact form:
Thank you once more.
Just to clarify, I won’t be doing any logging in. It’ll literally be just a Contact Form with a submit button and a POST request to a PHP file. After which that file will call another PHP file to upload the data to the database.
As for the Gmail alternative, I already knew about it but I’m not a fan of Google’s user data practices, especially the fact that they scan through all emails and their data for their own benefit - which is why it’s free I suppose - but I appreciate the effort for said alternative nonetheless.
So now I am confused about the problem here. If you have working PHP code to INSERT INTO the database you created, then what is your concern?
I completely understand your concern about Google. Good news for you though, there are other companies that support free SMTP as well, such as Outlook.com, Yandex.com, AOL.com, as well as countless others.
If you need more help, do you mind elaborating about your concern?
Thanks!
If you have working PHP code to
INSERT INTOthe database you created, then what is your concern?
I don’t have any right now actually, but I’m planning on writing some once my new Frontend is completed. I just wanted to inform myself before getting to that part if possible, but from what you’ve mentioned so far, if I’ve understood correctly, there isn’t any cause for concern for my Use Case.
As for the extra alternatives, the companies which own them are pretty much the same as Google unfortunately. But I’m thankful for the time you spent to recommend more alternatives. No need to, though. Since you mentioned there are countless others I’ll just do some investigating and see if I find any that might be to my satisfaction. If not, I’ll just wait till I have some extra cash to spare and purchase the premium stuff.
You’re right, phpMyAdmin should have HTTPS but it doesn’t. But there are no plans to fix this right now.
If you don’t want to use phpMyAdmin over HTTP, you can also run phpMyAdmin (or Adminer or another database management script of your choice) on your own website and protect that with HTTPS.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
