Guest Posted November 29, 2003 Share Posted November 29, 2003 I've been using OsCommerce for awhile, with https secure usage and everything. But, I need to know what files go in HTTPS, which ones stay in HTTP, how to avoid loading non-secure items with secure items in HTTPS, etc. etc, etc. I recently got a job at an e-commerce site... here's what THEY'RE doing: They went into their server, to the domain where their shopping cart is, in FTP, and they changed the httpsdocs directory into a SYMBOLIC LINK to httpdocs. So whenever httpsdocs is called, it does hit that directory, but now it's just a symlink to httpdocs and loads pages from httpdocs. This makes things a HELL OF A LOT EASIER. You only have ONE site, no copies of ANY files on https, easier to manage, easier EVERYTHING. My question: CAN YOU DO THIS? Is this still making the site secure? Is the data being encrypted on its way through the symlink, or is all security compromised??? Thanks for any and all answers!!! Link to comment Share on other sites More sharing options...
Guest Posted November 29, 2003 Share Posted November 29, 2003 Hi, I think that symlink just complicates thing, and isn't really needed. You basically want to set your apache to server SSL content from the same place as regular content. SSL is just a layer on top of HTTP, and really has nothing to do with what directory content comes from. The problem is actually something else, it looks like in your secure pages, you have absolute src= tags. Like img src="http://yoursite.com/foo.gif" you need to make them all img src="/foo.gif" or img src="httpS://yoursite.com/foo.gif" Regards, hel0 Link to comment Share on other sites More sharing options...
Guest Posted November 29, 2003 Share Posted November 29, 2003 Hi, I think that symlink just complicates thing, and isn't really needed. You basically want to set your apache to server SSL content from the same place as regular content. SSL is just a layer on top of HTTP, and really has nothing to do with what directory content comes from. The problem is actually something else, it looks like in your secure pages, you have absolute src= tags. Like img src="http://yoursite.com/foo.gif" you need to make them all img src="/foo.gif" or img src="httpS://yoursite.com/foo.gif" Regards, hel0 Thanks for replying... Yes, of course Apache should serve SSL content from the same place as regular content. But oscommerce does not know this! And Apache only does SSL from the httpsdocs directory! If I make the images relative, then oscommerce will look for them in httpdocs/cart/images when not secure. But then when going to a secure page, it will look for them in httpsdocs/cart/images. This forces us to have two copies of the images folder? One in httpdocs and one in httpsdocs? Or could you just make a symlink of everything in httpsdocs cart folder to httpdocs cart folder? Or better yet, make the entire httpsdocs directory a symlink to httpdocs... Otherwise we are having two copies of the shopping cart. Link to comment Share on other sites More sharing options...
Guest Posted November 29, 2003 Share Posted November 29, 2003 Hi, Yeah, I've seen that httpsdocs setup before at some web hosts, and it's always been a pain. But fortunately, there is no law that says https requests need to be served from a special directory. You should first try and get your provider or whoever change the docroot for ssl requests. If they can't or won't, the symlink is probably your second best option. It's pretty much as secure as the regular way. You just need to make sure you have the FollowSymLinks option turned on in your .htaccess or httpd.conf file. Good luck, hel0 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.