Talie Posted June 8, 2005

OK - I've just set up osCommerce on my site (installed via cpanel on my host). I have a shared SSL and referenced that when installing.

My question is.... HOW is the data for orders stored/retrieved securely? I just created a dummy order to make sure everything was working.... admin received the notification email ok, but when you click on the link to view the order, it doesn't appear to be at all secure and anyone with a password can see all the details!

Thomas_Burke Posted June 8, 2005

> OK - I've just set up osCommerce on my site (installed via cpanel on my host). I have a shared SSL and referenced that when installing.
>
> My question is.... HOW is the data for orders stored/retrieved securely? I just created a dummy order to make sure everything was working.... admin received the notification email ok, but when you click on the link to view the order, it doesn't appear to be at all secure and anyone with a password can see all the details!

But they would need that password, and the email address that goes with it. Any information sent over https is secure.

Talie Posted June 8, 2005

> But they would need that password, and the email address that goes with it. Any information sent over https is secure.

I'm not convinced, considering you can access the same pages through http - not just through https.

Guest Posted June 8, 2005

Welcome,

Orders can be seen in the admin, but in my case all I see is the billing/shipping addresses and the contents of the order. I do not see any CC detail. Your admin should be https:// also.

What you can/should do also is rename your admin directory to something obscure (and make the changes in your 2 configure.php files) so that it is harder to find the admin on your site. You should also password protect your admin directory via Cpanel or whatever you are using.

There are several ways for osC to handle CC payments. You can have a partial CC number emailed to you and the other part of it is in osC; this is for offline CC processing. There are also numerous payment gateways that can be used, each with their own security features. I use one and I have no access to the customers' CC numbers. There are also modules for things like Paypal where the customer is taken to another secure site where they enter the CC details and you just get email confirmation that the invoice has been paid.

No matter what, it is up to you to make sure that the customer's info is protected and secure. Osc will give you help with that but the responsibility lies with you, the store owner.

HTH

Peter

Talie Posted June 8, 2005

> Welcome,
>
> Orders can be seen in the admin, but in my case all I see is the billing/shipping addresses and the contents of the order. I do not see any CC detail. Your admin should be https:// also.
>
> What you can/should do also is rename your admin directory to something obscure (and make the changes in your 2 configure.php files) so that it is harder to find the admin on your site. You should also password protect your admin directory via Cpanel or whatever you are using.

Thanks Peter, sounds like a wise move to change the name of the admin folder - I will definitely do that. I just know that my boss is going to grill me about whether or not it's really secure.... although, as long as she sees the padlock I think she'll think it is.
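
The two admin-directory measures raised in the thread (https only, plus a password on the directory) can be expressed as an Apache `.htaccess` file. This is an added example, not part of the original posts or of osCommerce. It assumes an Apache host with mod_ssl that serves the shared SSL itself and allows `.htaccess` overrides; the password-file path and realm name are placeholders.

```apache
# .htaccess placed inside the (renamed) admin directory.
# Constructed example: EXAMPLE_USER and the file name below are
# placeholders, not values from the thread.

# Refuse every request that did not arrive over SSL/TLS. Plain
# http:// requests for the admin pages get 403 Forbidden, so order
# details and the password below are never sent unencrypted.
SSLRequireSSL

# HTTP Basic authentication in front of the whole directory. This is
# the kind of protection a control panel's "password protect
# directory" feature configures.
AuthType Basic
AuthName "Restricted area"

# Password file created with the htpasswd tool. Keep it outside the
# web root so it cannot be downloaded through the site.
AuthUserFile /home/EXAMPLE_USER/.htpasswd-admin

# Any user listed in the password file may enter; everyone else gets
# 401 Unauthorized.
Require valid-user
```

After uploading it, request an admin page over http:// and confirm it is refused, then over https:// and confirm the browser asks for the password.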
Archived
This topic is now archived and is closed to further replies.