Greetings. I am a self taught programmer, mostly using VB and VBS to build front ends for Access DBs using ADO. I have done a lot of scripting in other languages as well, nothing to write home about, but I understand programming to a decent degree.
I have recently been tasked with taking all my VB based applications and converting them over to browser based apps. A duanting task to be sure for someone who really has avoided web solutions.
Anyway, while digging around and learning the ins/outs of html/css/php/ajax/jquery/jscript and some fundamentals of HTTPS/SSL and serverside topics like .htaccess, I found xampp somewhere along the way. I was using a TurnKey LAMP box, but the XAMPP solution is so much faster really.
Anyway, I have been on a course to learn proper credential handling. This whole stateless environment is tricky, with way too many things to keep in mind.. but I move on.
Today I was considering how I might implement using HTTPS, and of course found all about SSL and TLS as well as HSTC. I decided I might as well learn how to use HTTPS, so I was going to create some test pages in my XAMPP root I made. When I simply used HTTPS:// in the request, it showed the 'not locked" symbol. Ok, I have some more to learn.
I found a tutorial that said to create my cert. That would not work, did not investigate very far before I found here that certs are already running. So I put in HTTPS://localhost and sure enough it brought me to the login prompt, and then to the home XAMPP localhost page with the SSL symbol. No problem I guess.
So I closed it out, restarted the browser, and tried to follow the index files (index.html/index.php). I more or less understand what I am looking at, and see how it calls the header: to load different pages/content. What I don't understand is why I keep getting the login prompt. I "think" it is because I applied security to the XAMPP directory.
Anyway, I am trying to find the flowchart type data for just how this all fits together. In other words, something like this:
1. input http://localhost - where does it go first
2. input password to access directory - assuming this is apache? - is this an .htaccess file somewhere?
3. if it is apache, and after I give directory credentials, then I am directed to URL I used.. which files are used to take me there.. that is, where are the references or is it outside the scope of the file system lockdown and the http request is just put in buffer until credentials are approved, then continue http request.
4. I see I am directed to /xampp/ directory, and assume it goes straight away to index.php
5. if simply passing https:// to a given file (like index.php) is all that is needed, why does my test page not work with https:// (my path - /xampp/htdocs/wookie/index.html)
6. i can see the cert file existing in the proper directory for xampp. is there something that needs to be set for it to be included in my call to https in my directory
In short, I can (and have) looked up all of this and more, but lack an overall synopsis of "this is how it all ties together". I am sure that I can figure out how to make my code be sure to implement HTTPS, there are multiple ways to do this it appears (.htaccess to scripting), but I really feel I need to understand the underlying principles, hopefully in a clear and concise form.
I decided to post here because I am using XAMPP and it is very convenient to traverse its directories/files examining things.
BTW, I am using win7 ultimate and know very little about unix based systems. But, I have a good foundation and don't find any of it to be particuarly "hard", only foreign for the moment.
Thank you to anyone who might care to help.