bad_lemming Posted November 15, 2004 Posted November 15, 2004 Hi Guys, I am new to these forums so I apologize in advance if I am putting this in the wrong place. I have been working on my first OSCommerce store and the going has been going well, if not a bit frustrating :). I have now come to a point where I need to think about security. My first idea was that I would be using paypal cart so I don't need to worry too much about SSL etc for right now. However, for admin security and in case people decide to store addresses etc.. on my sight, i figured I better think twice. This leads me to the point of this post. What are your suggestions and experiences regarding SSL. I have looked at different places for a certificate and the best I can find is around 50.00 a month. As I am trying to keep my budget as absolutely thin as possible I would like to try to avoid this. I have been reading up on the technical aspects of SSL, and I think I have a workable knowledge. Whatever advice you guys can offer would be much appreciated. This is an awesome community and I have been leaning on it heavily in the form of contributions and old threads and I am thankful for it.
Guest Posted November 15, 2004 Posted November 15, 2004 wow, 50 a month for a cert,iw ant part of that! best bet is to find a host, where you can use a shared ssl, if you are processing payments via paypal.
bad_lemming Posted November 15, 2004 Author Posted November 15, 2004 wow, 50 a month for a cert,iw ant part of that!best bet is to find a host, where you can use a shared ssl, if you are processing payments via paypal. <{POST_SNAPBACK}> Ha, sorry I meant $50 a year :) Are there any drawbacks to the using a shared SSL?
Guest Posted November 15, 2004 Posted November 15, 2004 only drawback is your domain name is not there. $50 per year is not very much at all.
Guest Posted November 15, 2004 Posted November 15, 2004 ...My first idea was that I would be using paypal cart so I don't need to worry too much about SSL etc for right now. However, for admin security and in case people decide to store addresses etc.. on my sight, i figured I better think twice. ... <{POST_SNAPBACK}> With respect to admin security: SSL connection is desireable but IMO the more important issue is getting the directory password protected. Most domain contol panels have a quick secure feature which is as simple as a point-and-click. For the more technically savvy edit the .htaccess and htpasswd files accordingly.
Guest Posted January 6, 2005 Posted January 6, 2005 IMO protecting your directories is important, but you definitely need to be concerned with your SSL. If not you're leaving customer's open to attack, and possibly yourself to liable. Essentially the point of SSL is for data transfer security, not to protect your site. Because of the way sessions/cookies are handled for ecommerce, without live data being encrypted your customer's session info can easily be intercepted by a malicious party that knows what they're doing. Most the single root cert providers offer a level of financial loss insurance, thus why the big boys like Verisign are so expensive. With respect to admin security: SSL connection is desireable but IMO the more important issue is getting the directory password protected. Most domain contol panels have a quick secure feature which is as simple as a point-and-click. For the more technically savvy edit the .htaccess and htpasswd files accordingly. <{POST_SNAPBACK}>
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.