Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Making a shop secure


rgloverd

Recommended Posts

Hi,

Do you think that I should still make a shop secure if I only intend to allow paypal as the only method of payment? what do you think? should I still use it for the admin area and customer area? this is the first time ive setup a online shop so any advice would be great,

Thanks,

Richard

Link to comment
Share on other sites

Hi,

Do you think that I should still make a shop secure if I only intend to allow paypal as the only method of payment? what do you think? should I still use it for the admin area and customer area? this is the first time ive setup a online shop so any advice would be great,

Thanks,

Richard

 

It is not as important but it will most likely look better to your customers. You may be able to used a shared certificate from your host but as the price of certificates have dropped quite a bit if you are going to secure your site you might as well get your own.

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with a installed contribution? Have you checked out the support thread found Here

BACKUP BACKUP BACKUP!!! You did backup, right??

Link to comment
Share on other sites

You should really have it for when your customers enter their details. A lot of people won't enter their name/address etc on an unsecure page. (i wouldn't)

All these details are entered well before they reach the Paypal area.

On OsCom it will secure everything from log-in to checkout, which is best.

 

HTH

 

Julian

A little knowledge is dangerous, I SHOULD KNOW.

If Life Begins At 40, What ends????

Link to comment
Share on other sites

Once you have your ssl cert in place, you set it up in your catalog/includes/configure.php to secure only from log-in to checkout. Not the index and product info area. This then only goes https when the customer has to enter any info, username, password, etc.

You can also ssl your admin via catalog/admin/includes/configure.php

I personally wouldn't do my admin this way as it will slow down the server, there is a contribution that will do this without ssl. (not too sure which one it is though)

Like ozcsys said, the price of ssl is quite cheap now, i would get your own. Ask your host how much they can provide one for and implement it. It may cost a few quid more than doing it yourself, but it takes the hassle out of it.

All you have to do is set up your configure.php when they have sorted it.

 

Julian

A little knowledge is dangerous, I SHOULD KNOW.

If Life Begins At 40, What ends????

Link to comment
Share on other sites

You can also ssl your admin via catalog/admin/includes/configure.php

I personally wouldn't do my admin this way as it will slow down the server, there is a contribution that will do this without ssl. (not too sure which one it is though)

I'm assuming you're referring to Password Protecting that folder, which is fine as far as it goes. However, hackers use Password Crackers which can break many passwords. I had someone have a go at a password protected area of one of my sites the other day. They were only online for under a minute, but in that time it ran thousands of possible password combinations. Having it behind ssl means that all information is also encrypted. It may slow things down a little, but it makes it a whole lot more secure.

 

Vger

Link to comment
Share on other sites

I was just about to buy an ssl certificate, but just noticed that the url changes.

When you first arrive at the shop it is in the form www.mydomain.co.uk

But when you click on anything and go to another page it gets rid of the 'www'

SO what do I get the certificate for is there a way to make it keep the 'www'

Any ideas,

Thanks,

Richard

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...