Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Security Issues?


rumi

Recommended Posts

Ive read it is important to not use absolute paths when linking outside my store but when I use the relative pathname I cant get to my link.

 

Ive tried: <a href="http://www.site.com/"> (which works but is absolute, right?) and <a href="www.site.com"> which doesnt work (relative, right?).

 

Ive looked through the osc documentation and cant find specific text relating to how to link outside of my site safely.

 

Thank You

Link to comment
Share on other sites

Ive read it is important to not use absolute paths when linking outside my store but when I use the relative pathname I cant get to my link.

 

Ive tried: <a href="http://www.site.com/"> (which works but is absolute, right?) and <a href="www.site.com"> which doesnt work (relative, right?).

 

Ive looked through the osc documentation and cant find specific text relating to how to link outside of my site safely.

 

Thank You

 

Hey Rumi - you're not correct.

 

a relative path means that it is relative to either the path you are already in, or relative to your server.

href="/store/shoes/nike/product.html"

is *absolute* based on where your public_html directory is.

 

href="nike/product.html"

is relative based on the fact you were already in the nike directory

 

href="http://shoesonline.com/store/shoes/nike/product.html"

is absolute.

 

href="www.shoesonline.com/store/shoes/nike/product.html"

is WRONG syntax for HTML code and will not go to the link

 

I like to use paths based on my public_html directory - but that is just personal preference.

Link to comment
Share on other sites

Hey Rumi - I didn't answer your question :

" Ive looked through the osc documentation and cant find specific text relating to how to link outside of my site safely."

 

What do you mean by this ? There is no security issue either way. But if you are link to a separate server/domain name - then you haver to use :

href="http://www.domain.com"

 

david

Link to comment
Share on other sites

You have to have the http there because you have to tell a web browser what protocol it should use to link to the file you are pointing to. Http stands for Hyper Text Transfer Protocol (i.e. ordinary html links). You could also use ftp:// (File Transfer Protocol), telnet:// etc etc instead of http://

 

WWW is part of the domain but is no use for telling a web browser how to link to that domain.

Link to comment
Share on other sites

What do you mean by this ? There is no security issue either way. But if you are link to a separate server/domain name - then you haver to use :

href="http://www.domain.com"

david

 

From STSv4.3.3 Users Manual: "You need to think carefully about the links you make when working with oacommerce. The same applies to images, because there a quite a few potential pitfalls to avoid in how you link to them when designing templates and new pages for your shop. Basically, you will be in the clear as long as your image links are relative. ...[absolute paths] works initially, but will lead to errors when you create a secure area of the site to handle credit card transactions. In such situations, even images must be transmitted in an encrypted form to avoid security alerts..."

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...