osCommerce


IS AN SSL NEEDED IF I USE PAYPAL


owl17sb


Posted

Can anyone give me clear and concise info on what I would need an SSL for......

 

I have installed Paypal on my site and this is the only payment option I have offered. I think I understand that customers will be directed to our Paypal account when they checkout and all the credit card info will be entered on their secure site.

 

Do I need an SSL if my customers create an account? Does the SSL keep their account details safe like address etc?

 

If I decide not to have my own SSL and just use Paypals and I remove the option for customers to create an account and not store any of their details how do I know where to send the goods - will this come via a receipt from Paypal like it does on Ebay?

 

Sorry if these sound like basic questions but everyone I have asked seems to skirt around the main question and answer something else.

 

Thanks in anticipation

Posted
..................If I decide not to have my own SSL and just use Paypals and I remove the option for customers to create an account and not store any of their details how do I know where to send the goods - will this come via a receipt from Paypal like it does on Ebay?.................

 

Hi, I would agree with you that perhaps an SSL certificate is not needed in your case. Apart from the security that SSL gives, it also gives confidence, and perhaps if you were storing customer account setups, which if not secure could possibly allow someone other than the customer to get hold of information and even do some mischief.

 

Brian

Posted
Can anyone give me clear and concise info on what I would need an SSL for......

 

I have installed Paypal on my site and this is the only payment option I have offered. I think I understand that customers will be directed to our Paypal account when they checkout and all the credit card info will be entered on their secure site.

 

Do I need an SSL if my customers create an account? Does the SSL keep their account details safe like address etc?

 

If I decide not to have my own SSL and just use Paypals and I remove the option for customers to create an account and not store any of their details how do I know where to send the goods - will this come via a receipt from Paypal like it does on Ebay?

 

Sorry if these sound like basic questions but everyone I have asked seems to skirt around the main question and answer something else.

 

Thanks in anticipation

 

SSL does not keep their personal information safe - it only protects it in transit. Once anything is on your server it is then your responsibility to make sure it stays secure. This is not affected by having an SSL or not having an SSL.

 

Think of it this way. You send me 1 million dollars in a locked safe through the mail - the safe is the SSL in this example - the SSL/safe protects the money while in transit. Once I get it to my house the courier drops off the money but leaves with the safe... Now I have a pile of money that is MY responsibility to keep safe. The safe doesn't do me any good any more unless I need to resend the money somewhere else.

 

Prior to obtaining an ssl and forwarding people to off site processing I noticed two things

#1 - I got a lot fewer people signing up for accounts because the SSL wasn't there - they automatically assume the place the info is stored is safe but don't want to send the info over open lines... and in any case, even if they do not create any account, you still need to store some info about them in order to do some type of record keeping.

 

#2 - Some people would not pay because they were going through the steps, but did not see the SSL connection. I eventually placed a personalized message on all the checkout pages stating that the last stage would forward them to a secure site.

 

 

My opinion is an e-commerce grade SSL cert can be obtained for as little as $24 per year; that $24 will generate much more of a return on investment since it gives your customers a much higher sense of security, and is a wise choice.


 

Henry Smith

Posted

Thanks for the clear answer.

 

I have decided to bite the bullet and get an SSL and have just spent about an hour trying to install it!!

 

Thanks Again

Posted

can anyone suggest a good SSL certificate? An affordable one at around US$50 or less if possible...but still secure type... :)

Best regards,

Koh Kho King

Posted

I have just purchased an SSL with Geotrust. My ISP is Vodahost and I have purchased a dedicated IP address and I think I have done everything I need to do.

 

I have received an email from Geotrust saying Congratulations you have purchased an SSL with a load of script!!!! What do I do with it?

 

I'm pretty sure my configure.php files are OK - if I change the enable SSL from True to False I am able to create accounts, login and checkout all OK. As soon as I change the configure.php to True I get "Page cannot be displayed" Although I get this message the URL states https so I think that is correct.

 

What else do I need to do?

Posted

Even if you do not technically need SSL to make things work, my opinion (for what it's worth) is that you certainly have a moral obligation (and indeed a LEGAL obligation) to your customers to keep their data safe.

 

This includes the details they input such as their name, address etc. It also includes the credit card details that fly between OSC and your payment gateway (Worldpay, SECPay, or in your case, Paypal).

 

You most definitely should always use SSL for these connections. That's what it was invented for and that's why OSC supports it.

 

Of course, you should also make sure that your database is secure :-)

 

Rich.

Posted

unless you host your shop yourself (on a server you own), it's your host's responsibility to ensure the database is safe.. not much you can do on that end, otherwise. :)

Posted
unless you host your shop yourself (on a server you own), it's your host's responsibility to ensure the database is safe

It most certainly isn't !!!! It's YOUR responsibility. The host may have a responsibility to you, but YOU have a responsibility to your customers.

 

.. not much you can do on that end, otherwise. :)

Possibly true, but that does NOT move the responsibility away from you, either legally or morally. If you choose to subcontract your database management out to someone else then fine, but that's not your customer's problem and if there were any legal proceedings against you regarding breach of privacy, I seriously doubt that this argument would hold any water at all.

 

Rich.

Posted
can anyone suggest a good SSL certificate? An affordable one at around US$50 or less if possible...but still secure type... :)

 

 

A good and secure Certificate $27.95

http://domainsits.com

Posted
If you choose to subcontract your database management out to someone else then fine, but that's not your customer's problem and if there were any legal proceedings against you regarding breach of privacy

 

Interesting post - surely if legal proceedings for a privacy breach were instigated by a customer against you - you could claim it all back by the inevitable proceedings you (the store owner) would be perfectly entitled to instigate against your host for slack db security?

Posted
It most certainly isn't !!!! It's YOUR responsibility. The host may have a responsibility to you, but YOU have a responsibility to your customers.

Possibly true, but that does NOT move the responsibility away from you, either legally or morally. If you choose to subcontract your database management out to someone else then fine, but that's not your customer's problem and if there were any legal proceedings against you regarding breach of privacy, I seriously doubt that this argument would hold any water at all.

 

Rich.

on most shared servers, you do not have access to alter the database settings (such as phpmyadmin passwords). you can usually only specify database usernames & passwords (via something like cpanel), but you can not set something like htaccess for phpmyadmin unless you have server rights NOR do you have the ability to update your version of phpmyadmin without server rights.

 

with that said, can you explain to me how exactly the hostee is responsible?

Posted
Interesting post - surely if legal proceedings for a privacy breach were instigated by a customer against you - you could claim it all back by the inevitable proceedings you (the store owner) would be perfectly entitled to instigate against your host for slack db security?

That all depends on what sort of agreement you have with your host. Still doesn't solve the bad publicity you'd get as a result of it though.

 

Rich.

Posted
on most shared servers, you do not have access to alter the database settings (such as phpmyadmin passwords). you can usually only specify database usernames & passwords (via something like cpanel), but you can not set something like htaccess for phpmyadmin unless you have server rights NOR do you have the ability to update your version of phpmyadmin without server rights.

 

with that said, can you explain to me how exactly the hostee is responsible?

What you say regarding the hostee's access to the database is absolutely correct. But as I said, this does not remove responsibility away from you.

 

When a customer comes to you to buy something (and to give you their personal details so you can post it to them), their contract is with YOU. Their contract is NOT with Joe Blogs Hosting Co. To suggest that the responsibility to keep the customer's information secure is not yours is akin to the wife that hires a hit man to kill her cheating husband. She didn't pull the trigger, but that's not the point !

 

You simply can not shirk the responsibility - if you choose to hire someone else to manage your database and you are quite happy to leave the security of that database in their hands then fine. But that does not change the fact that the customer's contract is with you.

 

Of course, if you have a contract with the hosting company that specifically says that they ARE responsible then fine, but I can't believe ANY hosting company would make that assurance (unless they charge a great deal for their service); they would leave themselves to being sued out of existence if anything bad happened.

 

Rich.

Posted
on most shared servers, you do not have access to alter the database settings (such as phpmyadmin passwords). you can usually only specify database usernames & passwords (via something like cpanel), but you can not set something like htaccess for phpmyadmin unless you have server rights NOR do you have the ability to update your version of phpmyadmin without server rights.

 

with that said, can you explain to me how exactly the hostee is responsible?

 

you are responsible for not taking care of your customers' data, it's up to you to ensure that, not the ISP. I severely doubt you could claim from the host either..
