Hello, I'm wondering if anyone knows the answer to this.. if I'm using a php page that queries one of my databases and I'm accessing it via HTTPS using a secure connection.. is there any need to encrypt the data coming back from the query?

My thoughts are: No, since the php script uses "localhost" as the server name so the data isn't really being transmitted across the internet before it reaches the page and the entire page is encrypted by HTTPS...

I just want to know if I'm thinking correctly or if I'm missing something...

Thanks!

HTTPS only encrypts the data between the user/client (browser) and the server. It's encrypted using SSL certificates that are installed on both machines. Once the data gets to the server, it's decrypted, so php isn't handling the encrypted data because php operates on the server, not in the browser.

Once php has finished doing something with the data, it is sent back to the browser through the encrypted connection.

at least this is my own, limited understanding of how it works.

~regards, and welcome to the community!

Right, so since the data never actually leaves the server (because the database resides on localhost) until php is done processing everything and generates the page... that would mean it is not necessary to encrypt the data returned by the query, correct?

Correct. The data will be encrypted by the site's SSL certificate and decrypted by the user's browser (in basic terms).

Having said that, it might be a good idea to encrypt a few items that you store in the database as an extra layer of protection.

Information like passwords can be hashed using php and you can then store the hash in the database. When logging on, the program would compare hash values for the correct password.

I've not tried encrypting data with php, but if the data is not large, then you might want to encrypt data before storing it in the database depending on the sensitivity of your data.

~regards