
Basic PHP SSL


Guest


Hi Guys, a basic question.

 

I know php has a lot to do with encryption/security. Does the fact that php scripts write details to a dbserver mean that the read/write process is secure in itself?

 

I've currently purchased some shared ssl space, should I install the whole catalog to this web space so that all pages are secure by default? or only certain ones?

 

I'm going to use a form of offline cc processing. I have read a really good post from secretagent on how to help secure this using contributions:

EZ" Secure Order & Customer Viewing for osCommerce

CVV for cc.php

Clear CC number from orders

 

The bit I'm unclear on is: when the php script is secure-encrypted (transmitting secure details), what then is the purpose of ssl? Is it essentially another layer of security over and above the php scripts?

 

 

Forgive the dumbness I'm still a newbie, Thanks


SSL is needed for the communication between the server and the client's browser to be secure. So it is still very essential to secure transactions. Most customers won't even consider putting their confidential info into a web page that isn't SSL secured.

 

The regular catalog pages don't need to be secured, but I would secure the admin and all account and checkout pages.

 

PHP itself is a programming language and doesn't implement security. Rather, properly written, it will utilize SSL encryption that is made available to it by the server. The topic of web security can (and does) fill books.

 

hth

 

 


Rule #1: Without exception, backup your database and files before making any changes to your files or database.

Rule #2: Make sure there are no exceptions to Rule #1.


does the fact that php scripts, write details to a dbserver mean that the read write process is secure in itself?

 

Actually the fact that php can be misused to write malicious code means that your website is less secure.

 

With regard to your shared ssl question - in the store itself osCommerce will automatically decide when it needs to shift between secure and non-secure (you only have to set up the shared ssl pathway in includes/configure.php and turn on the ssl function there).

 

In your 'admin' folder it is a good idea to make http://www.yourdomain.com references to point to https://yourshared ssladdress/yourdomain.com

 

Also, in your osCommerce Control Panel go to Tools and click on Server Info, and see what version of php is being used. Any version less than 4.3.10 (four point three point ten) is open to abuse by the phpInclude.worm.

 

Vger


(you only have to set up the shared ssl pathway in includes/configure.php and turn on the ssl function there).

 

In your 'admin' folder it is a good idea to make http://www.yourdomain.com references to point to https://yourshared ssladdress/yourdomain.com

 

Any version less than 4.3.10 (four point three point ten) is open to abuse by the phpInclude.worm.

 

Vger

 

(sorry, sounds like the case from what you say when I read your post but want to be clear in my understanding)

 

If I change the pathways to point to the ssl address, does that mean I don't have to upload any osc pages to the ssl web space/secure folder?

 

using vrs 4.3.10



 

Yes, that is why I was advising putting the admin and all account and checkout pages in the secure section. Then, as Vger mentioned, just enter the appropriate URL information into each of the configure.php files (one in catalog/includes and the other in admin/includes).

Rule #1: Without exception, backup your database and files before making any changes to your files or database.

Rule #2: Make sure there are no exceptions to Rule #1.
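
An added example, not part of any post in this thread: a small check of the SSL-related settings that the replies say to enter in catalog/includes/configure.php. The constant names are those of a stock osCommerce 2.2 configure.php, which the thread does not list; the host names and paths are constructed placeholders.

```php
<?php
// Added example: audits the SSL values of a catalog/includes/configure.php.
// Keys mirror the define() names of a stock osCommerce 2.2 file (assumption).

function audit_ssl_config(array $c): array
{
    $problems = [];
    if (($c['ENABLE_SSL'] ?? false) !== true) {
        $problems[] = 'ENABLE_SSL is not true: account and checkout links stay on HTTP_SERVER';
    }
    $https = parse_url($c['HTTPS_SERVER'] ?? '');
    if (($https['scheme'] ?? '') !== 'https') {
        $problems[] = 'HTTPS_SERVER must start with https://';
    }
    if (!empty($https['path'])) {
        $problems[] = 'HTTPS_SERVER should be scheme and host only; the path belongs in DIR_WS_HTTPS_CATALOG';
    }
    // Shared SSL: the browser only returns the session cookie to the host it was
    // set for, so the HTTPS cookie domain has to be the shared SSL host.
    if (($c['HTTPS_COOKIE_DOMAIN'] ?? '') !== ($https['host'] ?? null)) {
        $problems[] = 'HTTPS_COOKIE_DOMAIN does not match the host in HTTPS_SERVER';
    }
    if (substr($c['DIR_WS_HTTPS_CATALOG'] ?? '', -1) !== '/') {
        $problems[] = 'DIR_WS_HTTPS_CATALOG must end with a slash';
    }
    return $problems;
}

// Constructed shared-SSL settings, as they would appear in the define() calls.
$catalog = [
    'HTTP_SERVER'          => 'http://www.yourdomain.com',
    'HTTPS_SERVER'         => 'https://secure.sharedhost.example',
    'ENABLE_SSL'           => true,
    'HTTP_COOKIE_DOMAIN'   => 'www.yourdomain.com',
    'HTTPS_COOKIE_DOMAIN'  => 'www.yourdomain.com', // mistake: copied from the HTTP value
    'DIR_WS_HTTP_CATALOG'  => '/catalog/',
    'DIR_WS_HTTPS_CATALOG' => '/yourdomain.com/catalog/',
];

foreach (audit_ssl_config($catalog) as $p) {
    echo "WARN: $p\n";
}
```

With the sample values the only warning is the cookie-domain mismatch, the setting most often left unchanged when a shop moves its checkout to a shared SSL host.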


Archived

This topic is now archived and is closed to further replies.
