If I use PHP's fopen() function to retrieve data from a HTTPS website, is that what one would call a secure HTTPS connection. i.e. Does it provide protection against man-in-the-middle and eavesdropping attacks?
Does PHP's fopen() protect against typical attacks when accessing https resources?
865 Views Asked by Kenneth Poulsen At
1
There are 1 best solutions below
Related Questions in PHP
- php Variable name must change in for loop
- register_shutdown_function is not getting called
- Query returning zero rows despite entries existing
- Retrieving *number* pages by page id
- Automatically closing tags in form input?
- How to resize images with PHP PARSE SDK
- how to send email from localhost using codeigniter?
- Mariadb max Error while sending QUERY packet PID
- Multiusers login redirect different page in php
- Imaginary folder when I use "DirectoryIterator" in PHP?
- CodeIgniter + XDebug: debug only working in the main controller, index() function
- PHP script timeout when I use sleep()
- posting javascript populated form to another php page
- AJAX PHP - Reload div after submit
- PHP : How can I check Array in array?
Related Questions in SECURITY
- Can MVC.NET prevent SQL-injection at razor or controller level?
- Forgotten password reset page: should the user need to enter a username/email as well?
- Dynamic roles list in CustomAuthorize ASP MVC
- Access roles from multiple applications
- How to Fix TLS CBC Incorrect Padding Abuse Vulnerability on Windows 2003 Server
- Evernote Web Clipper and Content Security Policy
- Invalidate user credentials when password changes
- Spring Boot MVC non-role based security
- Correct Captcha behaviour on error
- Is macro more secure than static const if I don't want someone to know or change the hardcode value?
- In Android, ensuring only pre-decided users can only use the app
- Authenticating plain text passwords against md5 hash in DB using Apache Shiro
- Symfony2 - handle HTTP/Entity user access restrictions
- Client side computation without exposing code?
- searchable row level encryption using java?
Related Questions in SSL
- How to Fix TLS CBC Incorrect Padding Abuse Vulnerability on Windows 2003 Server
- SSL: Error parsing the certificate: Ok
- PHP mysqlnd sha256_password plugin "Access denied", user works from cli mysql
- CFNetwork SSLHandshake failed iOS 9
- Java does not accept 2 methods with same name
- Expected Compatibility Issues with upcoming TLS/SSL Cipher Suite update on Azure WebApps?
- python requests SSLError
- Connecting via mutual SSL fails reading incoming changeCipherSpec
- HTTP to HTTPS mapping using proxy servers
- Ruby on Windows XP: How to change directory of SSL certificates
- KeyStore file is not found in jar, although present in jar
- How do I accept a self-signed SSL certificate using iOS 7's NSURLSession
- Chef remote_file from https site with self signed certificate
- Meteor force-ssl on a staging system without ssl cert?
- Use python SSL to download google.com.au page
Related Questions in FOPEN
- Saving File to Folder using PHP
- PHP: converting fopen to file_get_contents?
- php fopen error on fedora 21
- a+ and a mode with fopen()
- Matlab Crahes upon fopen in Mex File
- Ignoring return value of fscanf and Segmentation fault
- Can't open anything with fopen
- php fwrite doesn't doesn't create filenames as they are imported(ÅÄÖ becomes ääÃ)
- Creating new files based on pattern matching with regex, sprintf() and fopen()
- How to create and open many files using c program ? (say n files)
- Why my file is always empty when trying to read it using PHP?
- How to add or update values in a file using PHP
- fopen does not work properly and I get segmentation fault when I use fclose
- Warning with, fopen, feof and fgetcsv
- While writing into a file , Where intermediate data stored in between fopen() and fclose()?
Related Questions in MAN-IN-THE-MIDDLE
- Performing TCP connections automatically with libpcap
- How can I get rid of a Man in the Middle (MitM) hacker from stealing web form data?
- Can browser (Chrome, Firefox) extensions install additional certificate authorities?
- Android. Secondary preferred app
- Possible secuirty flaw in symmetric authentication
- Why doesn't SSH use the interlock protocol?
- Can't compile simple program with tcp.h because of error from endianess?
- ettercap not scanning all hosts
- Creating Java Proxy MITM
- ssh remote host identification has changed
- Set up port forwarding for SSLSplit (Supports ipfw fwd only) on OSX Mavericks
- difference between Man-in-Middle and DNS poisoning attack?
- Does PHP's fopen() protect against typical attacks when accessing https resources?
- Tool to intercept data between Flash and PHP
- Python3 Man in the Middle: Bind socket to ANY IP
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Not by default, no.
It will always provide some form of protection against simple eavesdropping attacks as the data will always be encrypted (as long as the SSL server you are connecting to allows at least one encrypted cipher to be used - yes, null-encryption ciphers are allowed in HTTPS connections :roll-eyes:) However, by default, it will not protect against man-in-the-middle as it doesn't validate the server's certificates, therefore you cannot have any confidence that you have connected to the intended server.
Certificate validation can be switched on. To do so, you will need to provide a root certificate bundle and use the fourth argument to
fopenthat allows you to specify a stream context. The stream context allows you to modify the behaviour of the stream. The example below switches causes certificates to be validated against the root certificates in the specified bundle file.