Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

securing some files like checkout.php


rusty1001

Recommended Posts

Hi

 

My client is asking me as he has a secure server (not an ssl cert) and wants some files like check out in secure area,

I have set up the config file, and move the files in there, and it is getting errors because I assume the shipping file etc will look for files related files and as I thought, but I wanted to confrim,,

is there a way to secure just the checkout file etc, ( which he wants secured in an SSL type situation)

 

does not want to do online sales but collect the CC and process offline Anyone got any ideas?

 

thanks

 

R

Rusty

-------------------------------------------

Link to comment
Share on other sites

I don't know what a "secure" server is.

 

But the way the Internet works, as I understand it, any data sent to and from any server over an unsecure (non SSL) connection is subject to interception by "packet sniffing".

 

Maybe I just don't know what I'm talking about.

:blush:

 

It's not the "location" of the file that makes it "secure".

 

It's the fact the data is encrypted by the algorithms used by the SSL.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

I don't know what a "secure" server is.

 

But the way the Internet works, as I understand it, any data sent to and from any server over an unsecure (non SSL) connection is subject to interception by "packet sniffing".

 

Maybe I just don't know what I'm talking about.

:blush:

 

 

in his webhost there is a "secure" folder with a cgi script folder and anyting you want secure you put in there, but your weblink willl change to www.commerce.vault.com./myhost ...hate it really..

 

cheers

Rusty

-------------------------------------------

Link to comment
Share on other sites

That might make the file "secure", but if the data sent to and from the file isn't encrypted it's not "secure".

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

That might make the file "secure", but if the data sent to and from the file isn't encrypted it's not "secure".

 

 

Hi there seeems to be a an SSL for the site/page but I want to know if I can /split up or how to use for the checkout payment pages. - the pages will be in differnt folder /levels etc . I dont think this can be done??

 

 

it is like a bluehost, but are the files in different areas or it just the SSL cert that is shared?

???

 

 

thanks

Rusty

-------------------------------------------

Link to comment
Share on other sites

I don't know any way to move one of the osC files out of the osC folder and still reference it without losing the session ID. Except on servers where the SSL files are in another folder. But that doesn't count. Technially, it's still "inside" the osC folder in that case.

 

That doesn't mean there isn 't a way. It just means I personally don't know how.

 

Why not just get a "dirt cheap" SSL certificate from Go-Daddy ($29.99 American dollars per year) and not have to fool around with this "secure server" and "move this file there" garbage?

:unsure:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Russell,

 

At first I thought your client had his own server, but then you mentioned his webhost. If he is on shared hosting, then, from the looks of that long URL, his host may be offering shared SSL hosted on www.commerce.vault.com's server. That is, if your client requests that his site be "secure", the parts he wants secured will be hosted (possibly copied) there.

 

My hosting company offered something similar. I downloaded osCommerce from them, and it was all integrated from the start with a shared SSL with a similar cumbersome URL, although I changed things around later when I got a dedicated SSL cert. of my own. I don't know what the process was at their end, but using their shared SSL did not change my process for uploading files at all. I did not have to upload them to this different URL.

 

osCommerce (at least my copy of it) automatically loads the checkout pages with an "https" prefix (if you have SSL enabled) from the secure domain you designate in catalog/includes/configure.php and in catalog/admin/includes/configure.php.

 

If your client is indeed using shared hosting, then his hosting company can assist with using shared SSL or with setting up a dedicated SSL. As Jim has pointed out, a "secure" server is one thing, but security is not complete without SSL.

 

Hope this helps,

~Wendy

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...