Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Making my ADMIN secure for my SSL cert


Tsuri Japan

Recommended Posts

Just looking for some advice here.... I followed how to convert my admin to my ssl cert.

 

Here's what I did so far:

 

-changed my admin folder to my own original name

-went into my admin/install config file and changed the two sections that used to say ADMIN to my new name.

-went to my server and changed password and folder name to my new admim.

 

Checked my admin but the icon is still showing it as not being seure, to be exact:

You are not protected by a secure SSL connection.

 

What am I supposed to do to fix this?

 

Thanks,

 

Nigel

Link to comment
Share on other sites

You are confusing htaccess (username and password) for security encryption (SSL). The first requires you to enter a username and password to access a folder, the second simply encrypts data as it travels between a users browser and a webserver so it cannot be read if it is intercepted.

 

There is no need to move your Admin Tool over to an SSL connection - no sensitive data is contained in there. Password protecting it is enough. If you still wish to get your admin tool working with SSL - read this first:

 

http://www.oscommerce.com/forums/index.php?showtopic=151162

Link to comment
Share on other sites

  • 2 weeks later...
You are confusing htaccess (username and password) for security encryption (SSL). The first requires you to enter a username and password to access a folder, the second simply encrypts data as it travels between a users browser and a webserver so it cannot be read if it is intercepted.

 

There is no need to move your Admin Tool over to an SSL connection - no sensitive data is contained in there. Password protecting it is enough. If you still wish to get your admin tool working with SSL - read this first:

 

http://www.oscommerce.com/forums/index.php?showtopic=151162

 

 

You are wrong! The admin section has customer info and credit card info in the Orders link with only an http showing. I need this on an SSL and I also need help doing it.

Link to comment
Share on other sites

Just looking for some advice here.... I followed how to convert my admin to my ssl cert.

 

Here's what I did so far:

 

-changed my admin folder to my own original name

-went into my admin/install config file and changed the two sections that used to say ADMIN to my new name.

-went to my server and changed password and folder name to my new admim.

 

Checked my admin but the icon is still showing it as not being seure, to be exact:

You are not protected by a secure SSL connection.

 

What am I supposed to do to fix this?

 

Thanks,

 

Nigel

 

 

IF you are using a shared SSL server you need to use that to access the Admin section.

 

On the shared SSL

 

your url would look something like

 

https://yoursite.com.sslserver.com/store/catalog/admin

 

Does this help?

Link to comment
Share on other sites

If you are storing cc numbers in your database I would look into a different type of payment processing. Many payment modules do not store the whole number and is therefore much less risky.

Backup before making changes. Backup before making changes! Backup before making changes!!

 

You did do a backup? eh?

Link to comment
Share on other sites

If you are storing cc numbers in your database I would look into a different type of payment processing. Many payment modules do not store the whole number and is therefore much less risky.

 

 

It is not just about securing a cc # it is all the customer info I am baffled with the lack of security in accessing a database. Using a password is fine and dandy.

 

Why do we only care about what the customer sees? A cute little lock and they feel confident that there information (including birthdates?) , but when we access these database over unsecure connections it's OK because the customer can't see it?

 

I have tried to get help from my host and I have read many posts clamering for SSL in the admin but so far I have seen no help in this regard. I might be new to osCommerce but I'm not new to internet sales. I have been in business for 7 years and I am appalled at the lack of security built around osCommerce.

 

The typical responce is to have this in your configure.php file:

 

define('HTTP_CATALOG_SERVER', 'http://yourdomain.com');

define('HTTPS_CATALOG_SERVER', 'https://yourdomain.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

I have even seen some say to change the HHTP server to an https address

 

but the infamous

 

You are not protected by a secure SSL connection.

 

Still appears.

 

So what is the solution to this problem that many people are asking for?

Link to comment
Share on other sites

You need to use https for each of these

  define('HTTP_SERVER', 'https://...');  
 define('HTTP_CATALOG_SERVER', 'https://...');
 define('HTTPS_CATALOG_SERVER', 'https://...');

and change this to true

  define('ENABLE_SSL_CATALOG', 'false');

There is a contribution (admin ssl enable, I think), that will allow you to control which parts of admin use the ssl, but it is not required for this to work.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Awesome this did the trick for me and now my admin has complete SSL.....

 

define('HTTP_SERVER', 'https://...');

define('HTTP_CATALOG_SERVER', 'https://...');

define('HTTPS_CATALOG_SERVER', 'https://...');

 

Kind of weird though my first page that has all the admin icons isn't secured but once you click on tools or configuration it works no problem. The box on the left still says You are not protected by a secure SSL connection. I don't care about that anymore and give up trying to make that icon change properly, all I know is my admin is SSL protected so that's good.

 

Nigelman :thumbsup:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...