osCommerce

SSL aggravation


rages4calm

Posted

When I try adding a product to the shopping cart or hit buy now, I get an error in Firefox that says

Although this page is encrypted, the information you have entered is to be sent over an Unencrypted connection and could be easily read by a third party.

Are you sure you want to continue sending this information?

 

So I have my .htaccess file setup like so

 

What the hell am I doing wrong???

 

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} store 
RewriteRule ^(.*)$ https://www.ramagefarms.com/store/$1 [R,L]

 

and my configuration looks like this

<?php
 define('HTTP_SERVER', 'http://www.ramagefarms.com');
 define('HTTPS_SERVER', 'https://www.ramagefarms.com');
 define('ENABLE_SSL', 'true');
 define('HTTP_CATALOG_SERVER', 'http://www.ramagefarms.com');
 define('HTTPS_CATALOG_SERVER', 'https://www.ramagefarms.com'); //This should be filled in
 define('ENABLE_SSL_CATALOG', 'true'); // If this is true
 define('HTTP_COOKIE_DOMAIN', 'www.ramagefarms.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.ramagefarms.com');
 define('HTTP_COOKIE_PATH', '/store/');
 define('HTTPS_COOKIE_PATH', '/store/');
 define('DIR_WS_HTTP_CATALOG', '/store/');
 define('DIR_WS_HTTPS_CATALOG', '/store/');

 

Now if I remove the mod - .htaccess file.. everything works fine.. however!!! people are going through http instead of https..... anytime you click a link while in https it goes to an http page.... Why the hell was this store script written to assume people shop in http rather than https???
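The Firefox warning quoted in the post appears when a form on an HTTPS page submits to an http:// URL. As an added example (not part of the original post and not osCommerce code), this Python check lists such forms in a page's HTML, resolving relative actions against `<base href>`; the sample page, the host name `shop.example` and the form names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample (not the poster's real page): an HTTPS product page whose
# <base> and cart form still point at the plain-HTTP catalog URL.
SAMPLE_PAGE_URL = "https://shop.example/store/product_info.php?products_id=1"
SAMPLE_HTML = """
<html><head><base href="http://shop.example/store/"></head><body>
<form name="cart_quantity" method="post"
      action="http://shop.example/store/product_info.php?products_id=1&amp;action=add_product">
</form>
<form name="quick_find" method="get" action="advanced_search_result.php"></form>
<form name="login" method="post" action="https://shop.example/store/login.php"></form>
</body></html>
"""

class FormActionParser(HTMLParser):
    # Collects the first <base href> and every <form> start tag.
    def __init__(self):
        super().__init__()
        self.base_href = None
        self.forms = []  # (name, method, raw action attribute)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and self.base_href is None and a.get("href"):
            self.base_href = a["href"]
        elif tag == "form":
            method = (a.get("method") or "get").lower()
            self.forms.append((a.get("name") or "", method, a.get("action") or ""))

def insecure_form_targets(page_url, html):
    """Return (name, method, target) for forms on an HTTPS page that submit over HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []  # the warning only concerns pages that were loaded encrypted
    parser = FormActionParser()
    parser.feed(html)
    base = urljoin(page_url, parser.base_href) if parser.base_href else page_url
    findings = []
    for name, method, action in parser.forms:
        # An empty action submits to the page's own URL; otherwise resolve against <base>.
        target = urljoin(base, action) if action else page_url
        if urlsplit(target).scheme == "http":
            findings.append((name, method, target))
    return findings

if __name__ == "__main__":
    for name, method, target in insecure_form_targets(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"form {name!r} ({method.upper()}) submits over plain HTTP: {target}")
```

In the sample, the relative `quick_find` action is flagged as well, because the `<base>` element points at the http:// URL.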

Posted

HTTPS is required only when a client machine has to send personal data to your server. Browsing products and reading their features does not require encryption (no one can misuse them or abuse the information gathered about the things that you are selling online!!!)

Thus the only places that need to be secured are the email id / password / name / tel no. etc. details when a person registers or is going through login, and then the place where they have to enter credit card details. Such information gets encrypted by the browser before it is sent over public switches, so even if someone sniffs the packets and captures them, it would take ages for them to break the encryption and even detect your name or credit card nos.

 

HTTPS slows down your site, thus there is no point in encrypting everything; it is prudent to do it only for things that are valuable, and in this age privacy is the top concern for eShoppers.

 

Hope that helps.

Best Regards,
Gaurav

Archived

This topic is now archived and is closed to further replies.
