Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How do we make our OsC secure using SSL?


dsully

Recommended Posts

want  the admin panel to say "You are  protected by a secure SSL connection."

 

 

SSL is encryption for data passed between one server and another - it does not protect the server

 

to do that you need to user \ pwd protect the admin directory using your server admin tools or .htaccess or by changing base apache settings if you have access to them

 

Charles

A kite flies highest AGAINST the wind !

 

"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, a lover in one hand, martini in the other, body thoroughly used up, totally worn out and screaming ~ WOO HOO!! What a ride!"

Link to comment
Share on other sites

SSL is encryption for data passed between one server and another - it does not protect the server

 

to do that you need to user \ pwd protect the admin directory using your server admin tools or .htaccess or by changing base apache settings if you have access to them

 

Charles

 

I have the same message at the admin area -- "You are not protected by a secure SSL connection."

 

I did password protect the admin directory, but my concern is that once we're into admin, we can view customer credit card info. Shouldn't the admin pages be secure or does that not matter because the directory is password protected?

 

I just want to make sure the customers' credit card info is safe. Thanks.

 

-Kristie

Link to comment
Share on other sites

The best way to ensure customer's credit card information is safe is simple. Don't store it on the server.

I don't know how the stock OSC handles this, but it is a very serious oversight if it stores this info in the database at all IMO.

By storing this info (unencrypted, I assume), and even worse, viewing it over an unsecure connection, you are probably in breach of the T&C of VISA/Mastercard etc.

Link to comment
Share on other sites

The best way to ensure customer's credit card information is safe is simple. Don't store it on the server.

I don't know how the stock OSC handles this, but it is a very serious oversight if it stores this info in the database at all IMO.

By storing this info (unencrypted, I assume), and even worse, viewing it over an unsecure connection, you are probably in breach of the T&C of VISA/Mastercard etc.

 

Interesting... I was recommended to oscommerce by someone I thought knew what they were doing. I can't imagine there being such a grave oversight. I thought I was installing something that at least had the basics down and I could work with from there. I guess I was wrong. This is disappointing. My client processes the cards manually. So he needs to receive the credit card information. But he's not even receiving order emails as the admin on oscommerce -- oscommerce isn't even attempting to send him emails according to server reports. I'm receiving emails as a test because I added myself to "send copies". This is not good.

 

Thanks for your help. If you have any ideas on how to fix this, please let me know. I'm sure setting up a merchant account on line or using paypal is one way << but I don't think he wants to do either.

 

Just a safe way to send him credit card details would be great. Any ideas or is this a nogo??

 

-Kristie

Link to comment
Share on other sites

The best way to ensure customer's credit card information is safe is simple. Don't store it on the server.

I don't know how the stock OSC handles this, but it is a very serious oversight if it stores this info in the database at all IMO.

By storing this info (unencrypted, I assume), and even worse, viewing it over an unsecure connection, you are probably in breach of the T&C of VISA/Mastercard etc.

 

ps -- for manual processing of credit cards, how is the store owner supposed to get the information safely? How would this normally happen outside of oscommerce?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...