Major Securiy Issues

[factorypolaris]

When you are in the admin page https://www.mysite.com/oscommerce/admin.index.php

 

You start with a secure connection (https://) but no matter what link you click it takes you out of a secure connection (http://) This includes when you are looking at customers and there credit card number!!

 

Does anyone know of a way that when ever you are in the admin section everything can be transfered vis SSL. Its a matter of changing every link in the admin section. I hope there is an easy awnser to this .

 

Please help.. How can this be done and howcome it is the way it is?

[hrhstephen]

When you are in the admin page  https://www.mysite.com/oscommerce/admin.index.php

 

You start with a secure connection (https://)  but no matter what link you click it takes you out of a secure connection (http://)  This includes when you are looking at customers and there credit card number!! 

 

Does anyone know of a way that when ever you are in the admin section everything can be transfered vis SSL.  Its a matter of changing every link in the admin section.  I hope there is an easy awnser to this . 

 

Please help..  How can this be done  and howcome it is the way it is?

<{POST_SNAPBACK}>

Have you checked where OScommerce is storing Cache and Sessions under Configuration, on my site this went to a shared space on the hosting server /tmp/ which obviously is not secure....

[user99999999]

Change your config file.

 

catalog/admin/includes/configure.php

[factorypolaris]

Change your config file.

 

catalog/admin/includes/configure.php

<{POST_SNAPBACK}>

 

Solved That Problem, Thank you very much for the advise!!!

 

Chris