facelessface Posted December 13, 2004 Share Posted December 13, 2004 I am in the process of setting up SSL access for my shop. the website address is :http://www.yaoh.co.uk while the secure space is at: https://shared-ssl.xcalibre.co.uk/www.yaoh.co.uk/catalog/ do i essentially need two copies of the website, one at each location so it can transfer between one and the other when security is needed and not? my sites: ---------- www.preciousmetal-online.co.uk www.liparazzi.com www.yaoh.co.uk Link to comment Share on other sites More sharing options...
facelessface Posted December 14, 2004 Author Share Posted December 14, 2004 Also could I make the entire shop secure - by placing it on my secure server, and then set the server settings as follows: define('HTTP_SERVER', 'https://shared-ssl.xcalibre.co.uk/www.yaoh.co.uk'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', '); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', false); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', ''); define('HTTPS_COOKIE_DOMAIN', ''); would it still be secure? my sites: ---------- www.preciousmetal-online.co.uk www.liparazzi.com www.yaoh.co.uk Link to comment Share on other sites More sharing options...
mhormann Posted December 14, 2004 Share Posted December 14, 2004 DON'T do your whole shop. It will make things dramatically slow, especially on a shared server and a shared SSL. Provided Vger doesn't correct me (see here), I'd recommend something on the lines of: define('HTTP_SERVER', 'http://www.yaoh.co.uk'); define('HTTPS_SERVER', 'https://shared-ssl.xcalibre.co.uk/www.yaoh.co.uk'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.yaoh.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'shared-ssl.xcalibre.co.uk'); // ??? define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/www.yaoh.co.uk/catalog/'); // ??? define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); whereas, for the admin panel (if you haven't made other provisions for safety), I'd use ?define('HTTP_SERVER', 'https://shared-ssl.xcalibre.co.uk/www.yaoh.co.uk'); // this SSL to secure whole admin ?define('HTTP_CATALOG_SERVER', 'http://www.yaoh.co.uk'); ?define('HTTPS_CATALOG_SERVER', 'shared-ssl.xcalibre.co.uk/www.yaoh.co.uk'); (plus an appropriate .htaccess) Oops, almost forgot: Just one location for your shop is needed, the 'shared-ssl...' stuff is just kind of proxy that makes you secure but actually accesses the same files you have under 'www.yaoh.co.uk'. HTH, M. I don't want to set the world on fire—I just want to start a flame in your heart. osCommerce Contributions: Class cc_show() v1.0 – Show Credit Cards, Gateways More Product Weight v1.0 Link to comment Share on other sites More sharing options...
facelessface Posted December 14, 2004 Author Share Posted December 14, 2004 Oops, almost forgot: Just one location for your shop is needed, the 'shared-ssl...' stuff is just kind of proxy that makes you secure but actually accesses the same files you have under 'www.yaoh.co.uk'. This doesnt seem to be the case for mine, if i FTP to the shared space it is empty, and i can't access files on it as if it were the www.yaoh.co.uk website. Is there any way i can get it to access the same files as under www.yaoh.co.uk? my sites: ---------- www.preciousmetal-online.co.uk www.liparazzi.com www.yaoh.co.uk Link to comment Share on other sites More sharing options...
mhormann Posted December 15, 2004 Share Posted December 15, 2004 Now that's odd... you can FTP to it? With my provider, it's just a redirection using another server for the certificate stuff, and it proxies me to my own space. They wouldn't even LET me connect to that proxy space. So, like https://ssl-account.com/mydomain.com/catalog/index.php would actually refer to the same file as referenced by http://www.mydomain.com/catalog/index.php which would be (in my case) something like /www/htdocs/contractnumber/catalog/index.php on their machine. And for FTP, I'd only have ONE place: ftp://mydomain.com Hope that's understandable. One never stops learning. Maybe you could ask them how it's actually implemented? To me, it doesn't really make sense having everything duplicated—you won't be able to duplicate TRANSACTIONS. If it's really like you say, AND you have both file spaces on the same server (or have linked filespace AND FollowSymLinks is on), AND they run Apache, you might succeed with putting a nice .htaccess file in your 'shared-ssl' domain that actually only rewrites each and every URL to your actual filespace. I don't want to set the world on fire—I just want to start a flame in your heart. osCommerce Contributions: Class cc_show() v1.0 – Show Credit Cards, Gateways More Product Weight v1.0 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.