Comments on: phpLiveDocx now with SSL encryption

By: LiveDocx Premium Services Survey

LiveDocx Premium Services Survey — Thu, 06 Aug 2009 06:19:19 +0000

[...] with sending very private data over a network to have their documents generated (regardless of SSL). In some cases, corporate policy disallows such methods, thus they are not permitted to use [...]

By: Jonathan Maron

Jonathan Maron — Tue, 12 May 2009 07:47:04 +0000

Hello Peter

You are not the only one who suggested that SSL should be mandatory. Correspondingly as of phpLiveDocx 1.1-20090512 all traffic with LiveDocx is over SSL. SSL may no longer be de-activated. The third parameter of the constructor, as described in the above post, has been removed again.

Jonathan Maron

By: Peter Anderson

Peter Anderson — Mon, 27 Apr 2009 14:27:45 +0000

I think you should disable the non SSL version all together. After all, just submitting a username and password over a non SSL encrypted connection is risky. I have already set up my project to run exclusively over SSL.

Cheers

Peter Anderson

By: Jonathan Maron

Jonathan Maron — Tue, 21 Apr 2009 06:50:42 +0000

Hello Paul

Thanks for your comments.

That is the general idea: Using SSL, you can encrypt all traffic to the backend service. I would wholeheartedly recommend always using SSL when sending data across the Internet, regardless of whether the data is of sensitive nature or not. Using SSL does have some overhead (very little), but most of the time, you should not notice any performance degradation.

Jonathan Maron

By: Paul Mathews

Paul Mathews — Tue, 21 Apr 2009 06:15:53 +0000

Thanks for this. I have downloaded the new class library and updated my application. I think it is much better to transfer all data to LiveDocx using SSL — at least that way, you can be quite sure that no one is going to steal your data, while it is in transit. Paul