dsatchell
Posted November 11, 2004

I'm working on setting up my first store for my wife and will hopefully set some up in the future for customers of mine, but I'm a little confused on the topic of SSL and security. I'm very far behind on the lingo and concepts of ecommerce, much less how it relates to osCommerce, so I'm hoping someone can offer a crash course.

A couple of questions come to mind:

1. Do I have to secure my OSC site?
2. How secure is the site/data to begin with?
3. What portions of the site should be secure?
4. How would I test the security as it stands?
5. What are the pros/cons of running SSL and how does it affect the site?
6. Can I not run SSL on the site (insecure) and then when the customer goes to checkout be secure?
7. Why would I not want to do #6?

Thanx,
Dave.

Guest
Posted November 11, 2004

Enable SSL, and you have #6 + customer account/order info (when customer logs in).

-jared

Guest
Posted November 11, 2004

If you were a customer, would you enter your personal information, credit card info, etc. onto a site which has no SSL security? You will not get very many customers if you don't use SSL. You should do a bit of research on the internet about what SSL is and you will understand that.

SSL only goes a tiny bit slower during the SSL pages, but for the most part the site does not use SSL until info needs to be protected. osCommerce handles the security just fine for the pages required, so #7 isn't a point, as it's all handled automatically.

Guest
Posted November 11, 2004

I'll do my best, however some of your questions border on server/hosting information as well as your cart.

1. Do I have to secure my OSC site?
>>> Many people are getting away with not securing their site. If you value your client's information and want to instill trust with them, then yes, you should.

2. How secure is the site/data to begin with?
>>> With SSL, it only secures the information as it is passed from page to page. Your information stored in the database is only as secure as the server/hosting company you choose. In other words, don't cheap out on a webhost. The good, non-cheap ones, like mine, ;) , have hardened their servers, run regular security tests, installed intrusion detection services and disabled insecure scripts, etc. - which, by the way, costs money.

3. What portions of the site should be secure?
>>> As far as SSL goes, anywhere inside the client login. Once you install your certificate and modify the configure.php properly, it will pick it up automatically.

4. How would I test the security as it stands?
>>> You need to be more specific.

5. What are the pros/cons of running SSL and how does it affect the site?
>>> Con = $$$
>>> Pro = securing your clients' info and giving them confidence in you and your business

6. Can I not run SSL on the site (insecure) and then when the customer goes to checkout be secure?
>>> If you do, you won't be protecting their name, email, home address, etc.

7. Why would I not want to do #6?
>>> hmmmm,
>>> a) well, if you don't care about the privacy of your clients
>>> b) to be blunt, if you're too cheap (unfortunately this seems to be a popular reason)
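
Added example (not part of the original thread and not osCommerce's own code): a small check for the configure.php step mentioned in the post above. It assumes the constant names ENABLE_SSL, HTTPS_SERVER and HTTPS_COOKIE_DOMAIN as found in a stock osCommerce includes/configure.php; the sample file contents and hostnames are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed samples of includes/configure.php (hostnames are placeholders).
SAMPLE_INSECURE = """
  define('HTTP_SERVER', 'http://shop.example.com');
  define('HTTPS_SERVER', 'http://shop.example.com');
  define('ENABLE_SSL', false); // secure webserver for checkout procedure?
  define('HTTPS_COOKIE_DOMAIN', 'shop.example.com');
"""
SAMPLE_SECURE = """
  define('HTTP_SERVER', 'http://shop.example.com');
  define('HTTPS_SERVER', 'https://shop.example.com');
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTPS_COOKIE_DOMAIN', 'shop.example.com');
"""

# Matches define('NAME', value); and ignores any trailing comment.
DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*(.+?)\s*\)\s*;")

def parse_defines(php_text):
    """Return {NAME: value}, with surrounding quotes stripped from strings."""
    return {name: raw.strip("'\"") for name, raw in DEFINE_RE.findall(php_text)}

def audit_ssl_config(php_text):
    """List the reasons this config would leave account/checkout pages on HTTP."""
    cfg = parse_defines(php_text)
    issues = []
    if cfg.get("ENABLE_SSL", "").lower() != "true":
        issues.append("ENABLE_SSL is not true: account and checkout links stay on HTTP")
    https = urlparse(cfg.get("HTTPS_SERVER", ""))
    if https.scheme != "https":
        issues.append("HTTPS_SERVER does not start with https://")
    host = https.hostname or ""
    domain = cfg.get("HTTPS_COOKIE_DOMAIN", "").lstrip(".")
    # The session cookie is only sent back if its domain covers the HTTPS host.
    if host and domain and host != domain and not host.endswith("." + domain):
        issues.append("HTTPS_COOKIE_DOMAIN does not match the HTTPS_SERVER host")
    return issues

if __name__ == "__main__":
    for label, text in (("insecure", SAMPLE_INSECURE), ("secure", SAMPLE_SECURE)):
        print(label, audit_ssl_config(text) or "OK")
```

This only reads the configuration; whether the server actually presents a valid certificate still has to be checked in a browser against the live site.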

bglkk
Posted November 11, 2004

I can't imagine why you wouldn't want an SSL cert to do business. You can get a GeoTrust QuickSSL Certificate for $49.00 for a year, well worth the added confidence that it will give your customers.

http://www.ev1servers.net/english/quickssldetails.asp

Server installation is not that difficult (you'll be able to find step-by-step instructions), and as Mibble mentioned, osCommerce automatically handles switching to secure pages. The choice is a no-brainer if you ask me... ;)

"Buy the ticket, take the ride..." -HST