osCommerce

The e-commerce.

Do I really need SSL?



My webhost offers an SSL option (for a price), but do I really need it?

 

My site will be using Paypal or other money exchange services and I do not expect to be processing my own credit cards in the near future. I expect that as business grows, I will move to SSL, but for now, do I really need it now? Do I need it if I don't accept CCs directly?

 

Thank you,

Buck


Most people who use credit cards online like to see that padlock before they start typing their details at signup - so IMO, yes - they are cheap enough :D

 

Matti


No you do not need SSL if only using PayPal or third party processors.

 

To re-assure people you need to explain this on one of your information pages and you can even add this kind of text to your checkout_payment page.


SSL is needed to prevent a person's information from being stolen. Some people care that their name, date of birth, phone number, etc. are protected. Without a certificate, that information is not protected.

 

Jack


No you do not need SSL if only using PayPal or third party processors.

 

The above is patently wrong - and Jack's advice is correct.

 

It's not only the checkout process BEFORE you go to the card processing site that needs to be encrypted, but also the Create Account data being transferred with people's names, addresses, phone numbers, d.o.b. etc. Then once people have an account the account_edit pages need to be encrypted whilst data is being updated.

 

Vger


The above is patently wrong - and Jack's advice is correct.

 

It's not only the checkout process BEFORE you go to the card processing site that needs to be encrypted, but also the Create Account data being transferred with people's names, addresses, phone numbers, d.o.b. etc. Then once people have an account the account_edit pages need to be encrypted whilst data is being updated.

 

Vger

 

I am starting this thing on less than a shoestring budget, but as soon as I can afford it I will get SSL. For someone not accepting CC's directly from the site, OSC does require a lot of information. Hopefully a future patch will allow us to choose the required fields.

 

However, in the meantime, what settings do I need to make to my folders/files for maximum safety and yet still allow this to work?

 

Thank you,

 

Buck


Buck - you should have access to a shared ssl from your hosting company - at no extra cost (should be included in your package). Find out from them what the shared ssl address is and post back here for advice on setting it up.

 

In the meantime, rename your 'admin' folder to something unique, and edit the two references to /admin/ to /newname/ in admin/includes/configure.php and then password protect the newly renamed admin folder via your web hosting control panel. With the exception of your two configure.php files all other files should have permissions of 644, and folders permissions of 755.

 

Vger

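An added example (not part of the thread and not osCommerce code) that checks a shop tree against the 644/755 rule from Vger's post above and also flags anything left world-writable. The tree is constructed, `shopmgr` is a hypothetical renamed admin folder, and configure.php files are only listed for manual review because the post excludes them from the 644 rule.

```shell
#!/bin/sh
# audit_perms ROOT: list paths that break the 644 (files) / 755 (folders) rule.
audit_perms() {
    root=$1
    # Regular files other than configure.php must be exactly 644.
    find "$root" -type f ! -name configure.php ! -perm 644 -print | sed 's/^/FILE /'
    # Folders must be exactly 755.
    find "$root" -type d ! -perm 755 -print | sed 's/^/DIR /'
    # Anything writable by "other" (for example left at 777 after setup).
    find "$root" \( -type f -o -type d \) -perm -002 -print | sed 's/^/WORLD-WRITABLE /'
    # configure.php is excluded from the 644 rule; list it for manual review.
    find "$root" -type f -name configure.php -print | sed 's/^/CONFIG /'
}

# audit_is_clean ROOT: succeed only when nothing but CONFIG lines is reported.
audit_is_clean() {
    ! audit_perms "$1" | grep -qv '^CONFIG '
}

# Constructed sample tree; "shopmgr" is a hypothetical renamed admin folder.
demo_tree() {
    top=$(mktemp -d) && shop=$top/shop
    mkdir -p "$shop/includes" "$shop/shopmgr/includes" "$shop/images"
    : > "$shop/index.php"; : > "$shop/includes/configure.php"
    : > "$shop/shopmgr/includes/configure.php"; : > "$shop/images/banner.gif"
    find "$shop" -type d -exec chmod 755 {} +
    find "$shop" -type f -exec chmod 644 {} +
    chmod 777 "$shop/images" "$shop/images/banner.gif"   # left open during setup
    echo "$shop"
}

shop=$(demo_tree)
audit_perms "$shop"                      # reports images/ and banner.gif
chmod 755 "$shop/images"; chmod 644 "$shop/images/banner.gif"
audit_is_clean "$shop" && echo "clean after chmod"
rm -rf "${shop%/shop}"
```
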

In the meantime, rename your 'admin' folder to something unique, and edit the two references to /admin/ to /newname/ in admin/includes/configure.php and then password protect the newly renamed admin folder via your web hosting control panel. With the exception of your two configure.php files all other files should have permissions of 644, and folders permissions of 755.

 

I posted a message with my webhost's Tech Support. Hopefully next week I'll have an answer on the SSL issue.

 

I renamed my admin folder to a generic name and looked at configure.php. I only found one instance of 'admin'. You said there are two references? Where might I find the second?

 

I changed the one, which defined a variable or constant, and all appears to be working. It even appears that a 5 year old from the UK wants 'a bug's life'.

 

Right now, until I get my settings corrected, I suppose permissions should be set to 777. Once I get all my company information, banner, etc. set, I then change them to 644/755 as per your above. The folders, admin and downloaded are both password protected as it was setup from the install utility.

 

Thank you, again.

 

Buck


Resolved, for now.

 

My Webhost has informed me that SSL is available for a one time fee, or if I purchase my own, for a small setup fee plus an on-going monthly fee, they will install it.

 

I have decided to get started without SSL for now but to add it as soon as it is economically feasible.

 

Thank you all for your input.


Archived

This topic is now archived and is closed to further replies.
