kelly236 Posted April 28, 2011

Hi,

I have just gotten the GoDaddy website security scanner and it tells me this:

"The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in clear text."

I have checked and my SSL is working fine, both config files are set up correctly, but I notice it's only when you go to HTTP, not HTTPS. So my question: is there a way so that when you type in the address www.my domain.com it would go directly to HTTPS? Because if I just type in my address it goes to HTTP. I've even changed my config file to HTTPS for the catalog directory but it still defaults to HTTP.

Just curious, is there a way to default to HTTPS?

Thank you for any help or direction with this.

Kelly
germ Posted April 28, 2011

Having the whole site HTTPS all the time is a waste and a bad idea. That's why the default code doesn't work that way. You only need the security provided by SSL when sensitive info is exchanged between the client and the server.

If your site isn't switching to SSL when it should I can help with that - probably. :)

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.
"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -
"Headers already sent" - The definitive help
"Cannot redeclare ..." - How to find/fix it
SSL Implementation Help
Like this post? "Like" it again over there >
kelly236 Posted April 29, 2011

> Having the whole site HTTPS all the time is a waste and a bad idea. That's why the default code doesn't work that way. You only need the security provided by SSL when sensitive info is exchanged between the client and the server. If your site isn't switching to SSL when it should I can help with that - probably. :)

Thank you for your response. My problem is I have that scanner thing from GoDaddy, and after asking for help they say I should make changes to the .htaccess. This is what they told me:

"The user name and password on the URLs mentioned are sent in clear text because the HTTPS protocol is not used. To resolve this issue, it is recommended that you require the HTTPS protocol or use of an SSL Certificate. To accomplish this, you can create an .htaccess file redirecting traffic to the HTTPS version of your site."

But I have no clue how to make changes to it, and I wouldn't want to play around with it and mess up my security.

Thanks again so much for answering my post. If you can tell me what I should add or where I can read about it I would be greatly appreciative.

Thanks again,
Kelly
Xpajun Posted April 29, 2011

Hi Kelly,

Providing you have an SSL certificate, and providing your configure files are set as follows:

(store)

    define('HTTP_SERVER', 'http://my_store.com');
    define('HTTPS_SERVER', 'https://my_store.com');
    define('ENABLE_SSL', true);
    define('HTTP_COOKIE_DOMAIN', 'my_store.com');
    define('HTTPS_COOKIE_DOMAIN', 'my_store.com');
    define('HTTP_COOKIE_PATH', '/');
    define('HTTPS_COOKIE_PATH', '/');
    define('DIR_WS_HTTP_CATALOG', '/');
    define('DIR_WS_HTTPS_CATALOG', '/');

(admin)

    define('HTTP_SERVER', 'http://my_store.com');
    define('HTTP_CATALOG_SERVER', 'http://my_store.com');
    define('HTTPS_CATALOG_SERVER', 'https://my_store.com');
    define('ENABLE_SSL_CATALOG', 'true');

your store will automatically switch to SSL on pages requiring input from your customers.

If it doesn't switch, or switches but then switches back, then you have a request for a http on the page somewhere instead of https. If this is the case nothing in a .htaccess file will correct it.

I would go as far as to say that you have been given bad advice from GoDaddy.

Julian

My store is currently running Phoenix 1.0.3.0
I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 )
I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really necessary
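One way to check a page for the condition the scanner reported (a password form that submits over plain http) and for the hard-coded http references mentioned in the post above, as an added example that is not part of the original thread. The sample markup, form names and file names are constructed; only the my_store.com host is reused from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class PasswordFormAudit(HTMLParser):
    """Flag password forms that submit over http and list hard-coded http:// URLs."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.action = None          # resolved action of the form currently open
        self.has_password = False
        self.cleartext_forms = []   # actions of password forms sent without TLS
        self.http_refs = []         # (tag, url) for each absolute http:// href/src/action

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or relative action inherits the scheme of the page itself.
            self.action = urljoin(self.page_url, a.get("action", ""))
            self.has_password = False
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.has_password = True
        for name in ("href", "src", "action"):
            if a.get(name, "").lower().startswith("http://"):
                self.http_refs.append((tag, a[name]))

    def handle_endtag(self, tag):
        if tag == "form" and self.action is not None:
            if self.has_password and urlsplit(self.action).scheme == "http":
                self.cleartext_forms.append(self.action)
            self.action = None

def audit(page_url, html):
    """Return (cleartext password form actions, hard-coded http references)."""
    parser = PasswordFormAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.cleartext_forms, parser.http_refs

# Constructed sample pages (not taken from the poster's site).
HTTP_LOGIN = """<form name="quick_find" action="advanced_search_result.php"><input type="text" name="keywords"></form>
<form name="login" action="login.php?action=process" method="post">
<input type="text" name="email_address"><input type="password" name="password"></form>"""
HTTPS_LOGIN = """<a href="http://my_store.com/index.php">Home</a>
<form name="login" action="https://my_store.com/login.php?action=process" method="post">
<input type="password" name="password"></form>"""

if __name__ == "__main__":
    print(audit("http://my_store.com/login.php", HTTP_LOGIN))
    print(audit("https://my_store.com/login.php", HTTPS_LOGIN))
```

The first sample is flagged because its relative action resolves against an http page URL; the second submits over https but still carries a hard-coded http link.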
germ Posted April 29, 2011

You don't have to change the .htaccess file to get the shop to function correctly. That part of their advice is totally wrong.

Unless you want to post (or PM me) the URL of the site I can't verify if the SSL is working as it should in regard to what you've posted.
Archived
This topic is now archived and is closed to further replies.