question on shared SSL

[damon2003]

Hi,

I am slowly learning the differences between shared and dedicated SSL.

I am getting a shared secure server.

 

My question is is it ok to simply put all the files in the secure folder and just link to it from a main holding page in the non secure folder?

 

thanks a lot

aaaaa

[Guest]

You can have all files in both your secure folder and non secure - you need to set the SSL configuration (configure.php) to point to your secure directory/server - osCommerce will handle the rest and only call files from the secure directory when needed.

 

Matti

[damon2003]

Hi,

thanks a lot for the reply.

I put the catalog folders and the other files in both secure and on secure folder. I went to the intall file on the non secure URL and followed the process specifying SSL.

 

The login links and account links and so on (the secure stuff) is pointing at the secure server as it should. however there is now a problem is register_globals - FATAL ERROR: register_globals is disabled in php.ini, please enable it.

 

I have contacted the ISP, and they cannot enable register_globals, because they say its a security risk. I fit is a secure risk, why does oscommerce require them to be enabled?

 

Anyway, I reinstalled oscommerce again, this time not using any SSL and it seems to work fine. Is this because oscommerce only uses global_register when you specify SSL?

 

I need to get this thing up and running as soon as possible. so is it really necessary to use SSL? The reason I ask is that when you intall a gateway (which I havent done yet) payment system, dont you get transferred to that particular payment server, and therefore it is secure? Also can anyone recomend a payment system, where you use their secure servers rather than your own,

 

thank you very much

[stevel]

I'd think you'd want some sort of secure server for the login, though that's not required. My host doesn't have separate folders for secure and non-secure content - it's just a different URL.

[damon2003]

Right you say I would want some kind of secure login, although thats not required, so if its not required I wont do it then, its not information that is highly confidential is it anyway.

 

 

So back to my other important question about the payment gateway. Is the user transferred to the payment gateways server or not? As I understand you are, and in which case I dont need to bother with SSL, as am having problems with it. Also can someone recomend a good gateway to use.

 

BTW my host also uses separate URLs for the secure and non secure servers, but I am having problems with register globals on the secure server

 

thanks a lot for any information

[stevel]

With payment gateways, you are using their secure server, so that's not a problem. I don't use gateways, so can't offer advice on selecting one.