Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HTTPS question


kelly236

Recommended Posts

Hi I have just gotten the godaddy website security scanner and it tells me this:

 

The remote web server contains several HTML form fields containing

an input of type 'password' which transmit their information to

a remote web server in clear text.

 

I have checked and my SSL is working fine, both cofig files are setup correctly but I notice it's only when you go to HTTP not HTTPS, so my question,

 

Is there a way so when you type in the address www.my domain.com it would go directly to HTTPS because if I just type in my address it goes to HTTP

 

I've even changed my config file to HTTPS for the catalog directory but it still defaults to HTTP

 

Just curious , Is there a way to default to HTTPS?

 

Thank you for any help or direction with this

 

Kelly

Link to comment
Share on other sites

Having the whole site HTTPS all the time is a waste and a bad idea.

 

That's why the default code doesn't work that way.

 

You only need the security provided by SSL when sensitive info is exchanged between the client and the server.

 

If your site isn't switching to SSL when it should I can help with that - probably.

:)

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Thank you for your response my problem is I have that scanner thing from godaddy and after asking for help they say I should make changes to the .htaccess this is what they told me:

 

The user name and password on the URLs mentioned are sent in clear text because the HTTPS protocol is not used. To resolve this issue, it is recommended that you require the HTTPS protocol or use of an SSL Certificate. To accomplish this, you can create an .htaccess file redirecting traffic to the HTTPS version of your site.

 

but I have no clue how to make changes to it and I wouldn't want to play around with it and mess up my security, Thanks again so much for answering my post if you can tell me what I should add or where I can read about it I would be greatly appreciative

 

Thanks again,

 

Kelly

 

 

 

Having the whole site HTTPS all the time is a waste and a bad idea.

 

That's why the default code doesn't work that way.

 

You only need the security provided by SSL when sensitive info is exchanged between the client and the server.

 

If your site isn't switching to SSL when it should I can help with that - probably.

:)

Link to comment
Share on other sites

Hi Kelly,

 

Providing you have a SSL certificate, providing your configure files are set as follows:

 

(store)

 define('HTTP_SERVER', 'http://my_store.com');
 define('HTTPS_SERVER', 'https://my_store.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'my_store.com');
 define('HTTPS_COOKIE_DOMAIN', 'my_store.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');

 

(admin)

 define('HTTP_SERVER', 'http://my_store.com');
 define('HTTP_CATALOG_SERVER', 'http://my_store.com');
 define('HTTPS_CATALOG_SERVER', 'https://my_store.com');
 define('ENABLE_SSL_CATALOG', 'true');

 

your store will automatically switch to SSL on pages requiring input from your customers. If it doesn't switch or switches but then switches back then you have a request for a http on the page somewhere instead of https. If this is the case nothing in a .htaccess file will correct it

 

I would go as far to say that you have been given bad advice from GoDaddy

 

Julian

My store is currently running Phoenix 1.0.3.0

I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 )

I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really neccessary

Link to comment
Share on other sites

You don't have to change the .htaccess file to get the shop to function correctly.

 

That part of their advice is totally wrong.

 

Unless you want to post (or PM me) the URL of the site I can't verify if the SSL is working as it should in regard to what you've posted.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...