Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL & Admin Password


BrioMusic

Recommended Posts

Hi! I have a few questions about SSL & securing my site. I'm totally new to all of this. I am using a host that is a windows server.

 

In my Admin panel it says "You are not protected by a secure SSL connection." I do have an SSL secured link that the host provided. Where do I need to add that info? It looks like it is not set up right in the includes/configure.php.

define('HTTPS_SERVER', 'https://ssl6.cartmedia.com'); // eg, https://localhost - should not be empty for productive servers

 

That's not the rights https address. So, do I change that? Do I need to make changes to any other files?

 

Also, my admin. panel was set up by the host w/ a password. Is that all I need to secure the adminstration of the site?

 

Thanks!

~Melissa

Link to comment
Share on other sites

You can secure you admin better by setting the HTTP_SERVER define (admin only) to your SSL URL.

 

The sevrver administered password as you have it is the best option for admin login.

 

Matti

Link to comment
Share on other sites

I suppose that is the top line definition in catalog/admin/includes/configure.php and NOT the topline definition in catalog/includes/configure.php.

 

Cheers,

Al

 

 

That is correct :D

 

Matti

Link to comment
Share on other sites

That is correct  :D

 

Matti

 

I still have a few more questions about this. If I make this change is it securing my whole site? It seems like many people in the forums say you don't need to have your whole site secure just the pages for purchasing and transferring personal info. So, is it OK that is says You are not protected by a secure SSL connection on my admin screen? I haven't gotten as far as setting up the payment options so perhaps this is something I just set up at that point?

 

Also, if I for sure need to change it I would just change the http link to the https link for the SSL provided by my host? Correct? You said to change it to https//domain.com but the https provided by the host doesn't have my domain name in it. It says that the link points to my root folder and any web site file viewed in that browser will be encrypted.

 

Thanks for helping this extreme novice!

 

~Melissa

Link to comment
Share on other sites

It will secure your entire admin, not your whole site. The https URL your webhost provides is correct.

 

The HTTPS_SERVER settings on the catalog side secure the checkout procedure and customer's account pages - the remainder of the catalog will run as normal.

 

Matti

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...