I want to modify my website so that many pages other than the payment form are sent securely (https instead of http). My site is PHP/SQL intensive; every page runs dozens of database queries. I’m using only 9% of my memory (800M of 9G) and CPU is running load averages of about 33%.
(note: I realize it will increase the server load; the question is by how much–are we talking a half-second per page, or should I expect CPU usage to double? Ballpark..

I’m using this payment processor that only allows me to “redirect” the buyer after they purchase to an unsecure thankyou page of my site. On that page I need to somehow deliver the login ID and password they need to login. But I don’t want to just post it on that unsecure thankyou page where anyone can access it. How can I work with this “thankyou” page in order to still deliver the customers login ID and password in a secure way?

I have read up on submitting forms, ie. username and password, with ssl. One thing kind of confuses me, I’ve read that in order for the info to be securely sent, only the form action needs to be https, not the page where the form resides.

This doesn’t make sense to me, this is what I understand. An unencrypted form page submits to an encrypted login page. The data must be sent to the server for php to process the data, so wouldn’t that mean that the data is unencrypted?

I’m sure there is a proper explanation, I would just like to understand how it works. Thank you in advance.

I need the same application on a Web server to handle both handling web page get or post requests ( securely) as well as talk to a remote application using a listening TCP or UDP socket.

For example, a web page action may prompt fetch of data from the socket connection. Another web page action may trigger sending a packet on the socket connection. The program will need to authenticate the remote application connecting on the socket and handle updates to a database based on that and web page activity as well.

What is the best way to go about this? I am limited to Windows but will have a dedicated server for this activity. This will be development not demo so reliability and redundancy not too important now.
Thanks.

I see you can do both, but can I just have a constantly running looping application in PHP handling both rather than through .php files initiating the application only on browsing activity?

My feet aren’t wet yet as you can see. I just want to confirm before I get in.

I require a simple login system using preferably PHP and MySql*. A system which can automatically run by its self, registering such user via a form on my website…. checking the data is valid…. adding the user to a MySql Database…. Sending an email to the user using the email input…. allowing the user to securely login to their own unique account…. A system which can allow me to edit the data etc the user see on their account easily as creating a simple website page…. I also would like you the creator to upload the files etc to reduce problems etc. No design is needed just the simple inputs and needed elements etc

I have a form protected with SSL in an https directory so I know the client to server communication is secure, but then the server uses php to send the information to an email address – how do I make sure that part is secure?
I know there are ways of doing this S/MIME, PGP – looking for suggestions from someone who has set this up in the past.

I need to secure data being sent from my Flash games to my PHP file.

Previously I was simply using a secret authorisation code, which was sent from the Flash file, and then checked against the code specified in the PHP file. However, using flasm to disassemble the swf I see it is very easy to ascertain this code – or indeed any secret checks that come from within the Flash file.

How can I then make this data secure?