samstone Posted August 17, 2005 Posted August 17, 2005 Ok ,here's what I have seen ,don't know if this is a security issue,but. all ssl works (except for admin page not showing padlock)??? IE and mozzlia show padlocks on the right pages. if a person goes to the pages and plays with the url taking out the s in https my certicate comes up with domain mismatch. I would like to code in a redirect to warning page with link back or just back to the https secure page. PS I use a signed certificate from godaddy not shared my securte page starts biz.com/catalog/ unsecure is www.biz.com/catalog Thanks for all the usefull stuff here this place is Great
♥Vger Posted August 17, 2005 Posted August 17, 2005 In your configure.php files make the http address read http://biz.com/catalog. Then when someone moves from the https address to the http address there'll be no domain mismatch. Vger
samstone Posted August 17, 2005 Author Posted August 17, 2005 But will the site still be secure,cetificate is signed for biz.com not www.biz.com would having all files going through ssl ,make it slow ,what about search engines? Regards L.Nichol thanks for fast reply went to known secure site and tried it there I get a redirect reload back to the https pages?
♥Vger Posted August 18, 2005 Posted August 18, 2005 You've misunderstood the bit about the address of the certificate and the address of your site. Depending on your type of server the certificate is issued either to www.yourdomain.com or just to yourdomain.com. This does not mean that people who go to any 'yourdomain.com' address will be on an ssl page. Only people who go to addresses which begin with https://yourdomain.com will go to SSL pages. If you set your http address to http://yourdomain.com and your https address to https://yourdomain.com then osCommerce will automatically decide which pages are covered by ssl and which are not. Only a small number of pages will be https. Search engines do not give rankings to https pages, which is a good thing because they are pages you don't want listed in search engines. Vger
samstone Posted August 18, 2005 Author Posted August 18, 2005 I found this,was looking for more of a walk through on one page that defines all https pages this needs put in all https urls so far it works also found I may be able to do this in httpd apache config. will look it up some more your suggestion works as far as the certificate prompt but a user can still mess with the address and not be secure (2nd party cafe shop may have a way to pirate info if customer is not paying attention) <?php /** This page can be included in any PHP page, that you need to use only "https" and NOT "http". */ function move_them($url="") { if (empty($url)) { print "Null-string passed to <b>move_them()</b>"; } else { // printing a meta redirect tag will move them $string = "<meta http-equiv=\"Refresh\" "; $string .= "content=\"0;URL=$url\">"; print $string; } } function ask_them($url="") { if (empty($url)) { print "Null-string passed to <b>ask_them()</b>"; } else { print "Please use our secure sight: "; print "<a href=\"$url\">$url</a>"; exit; // very important } } // main() $docu = $PHP_SELF; $name = $SERVER_NAME; $sslp = $SSL_PROTOCOL; if (empty($sslp)) { $url = "https://$name$docu"; move_them($url); // ask_them($url); /* uncomment the above accordinly */ } ?>
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.