Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

SSL

grey_lady

By grey_lady
in General Support

Recommended Posts

grey_lady

grey_lady

Posted
Posted

Due to my hosting company not being helpful - i have no way in php of telling my site when to recognise to switch to secured.

Apparantly there are 'security' issues with using port 443 or any other different port for https or indeed having any server variables different.

 

Either i find a new hosting company, and they all seem to have terrible reviews! or i can run the whole site in https.

 

Can anyone offer any opinions on potential problems from running the whole thing using https or recommend a decent hosting company that's not to expensive (apologies if recommendations arent allowed on here)

 

Many thanks,

Simone

Link to comment
Share on other sites
Jack_mcs

Jack_mcs

Posted
Posted

Setting up a shop so that it accommodates the host is the wrong way to go. My guess is that you will also run into problems with other parts of the shop because of other restrictions they will have, like running in safe mode and the like.

 

But assuming you wanted to, running a site in https is not a good idea. It can cause problems with your listings in the search engines and, depending on the server, slow the site down.

 

Recommending hosting companies is not allowed on the forums but I will PM you regarding it.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites
germ

germ

Posted
Posted
Apparantly there are 'security' issues with using port 443 or any other different port for https or indeed having any server variables different.

Bullsh*t.

 

Every single osC store out there with successful SSL runs on a server that provides a way to tell when in SSL mode.

 

It's even supposed to be "standard" in PHP to supply this info.

 

Check this page: $_SERVER PHP Variables, specifically:

 

'HTTPS'

 

Set to a non-empty value if the script was queried through the HTTPS protocol. Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.

If it was a 'security' issue it wouldn't be "standard" in a PHP install.

 

If an osC store or server it runs on is hacked it's NOT because of a 'security issue' with an environment variable being "different" in SSL mode.

 

You've just had the misfortune of choosing a host that either doesn't know what they're doing (totally) or just doesn't care (after they have your money).

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites
grey_lady

grey_lady

Posted
  • Author
Posted

What they've told me is that all the ssl traffic comes through a proxy which appears to forward onto the cluster through normal http port 80.

Therefore (im assuming) this is the reason why none of the php variables are doing anything different.

Does this make sense to anyone?

 

This stuff is far beyond my understanding but your spot-on with saying that they either dont understand it or dont care once they have the money.

 

Thanks for the replies,

Simone

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...