I havent thought of using HTTPS yet, but I can see the importance now, so how can I make this done or configured on a VPS?
|
If your talking about using a system where your users are sent to a different company who deals with the payment part of the sale then they should take care of the secure side themselves
|
I think that's what I will have to do for the moment, but in the meanwhile do you know how to set it up (SSL) on a VPS ?
|
the position of the include seems to make a difference
With 3.5.1 I tried the https include before the require's and it fails
But this seems to work. # $Id: orders.php,v 1.17 2003/08/11 10:44:46 svowl Exp $ # require "./auth.php"; require $xcart_dir."/include/security.php"; if ($config["General"]["secure_store"]=="Y"){ @include "../customer/https.php"; } Then add this to the database INSERT INTO `xcart_config` VALUES ('secure_store', 'Enable Secure Store', 'Y', 'General', 5, 'checkbox', 'Y'); And modify https.php with: if ($config["General"]["secure_store"]=="Y"){ $https_scripts = array("register.php","cart.php?mode=checkout","ord ers.php","order.php"); } else{ $https_scripts = array(); } I move the UNTOUCHED original files into my "patch" backup directory and add them to my "Patch-setup" script - before I patch I copy all changed files from the site with directory paths and replace them with these backups - If I need to, if the file name in not in the file.lst with the patch then the script by-passes the file. |
Entire Store in HTTPS (Customers & Admin) ???
Hi all,
In this thread I was reading how to change the entire store to HTTPS. Can somebody shed some light on this. I think it is great, and have just made the changes to 3.4.11 and it works perfect so far. Why is this not common practice ??? Is this a performance thing ??? Will my Web Host provider complain ??? Please tell me why it should not be HTTPS.... Garry |
HTTPS
You should only enable HTTPS on personal information and ADMIN functions that expose personal information. Encrypting everything sucks CPU so if you what your customers to have a snappy response only use HTTPS on personal information and ADMIN functions.
|
All times are GMT -8. The time now is 09:12 PM. |
Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.