| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | Mark Forums Read | User manuals | Login |
Force HTTPS administration | ||||
|
|
Thread Tools | Search this Thread |
#11
|
|||||||||
|
|||||||||
I havent thought of using HTTPS yet, but I can see the importance now, so how can I make this done or configured on a VPS?
__________________
It doesn\'t matter what is done... it is how it is done. ============================= XCart Version: 3.5.3 -> Dmcigars.com XCart Version: 4.1.3.... |
|||||||||
#12
|
|||||||||
|
|||||||||
If your talking about using a system where your users are sent to a different company who deals with the payment part of the sale then they should take care of the secure side themselves
__________________
Looking for a reliable X-cart host ? You wont go wrong with either of these. EWD Hosting Hands On Hosting |
|||||||||
#13
|
|||||||||
|
|||||||||
I think that's what I will have to do for the moment, but in the meanwhile do you know how to set it up (SSL) on a VPS ?
__________________
It doesn\'t matter what is done... it is how it is done. ============================= XCart Version: 3.5.3 -> Dmcigars.com XCart Version: 4.1.3.... |
|||||||||
#14
|
|||||||||
|
|||||||||
the position of the include seems to make a difference
With 3.5.1 I tried the https include before the require's and it fails
But this seems to work. # $Id: orders.php,v 1.17 2003/08/11 10:44:46 svowl Exp $ # require "./auth.php"; require $xcart_dir."/include/security.php"; if ($config["General"]["secure_store"]=="Y"){ @include "../customer/https.php"; } Then add this to the database INSERT INTO `xcart_config` VALUES ('secure_store', 'Enable Secure Store', 'Y', 'General', 5, 'checkbox', 'Y'); And modify https.php with: if ($config["General"]["secure_store"]=="Y"){ $https_scripts = array("register.php","cart.php?mode=checkout","ord ers.php","order.php"); } else{ $https_scripts = array(); } I move the UNTOUCHED original files into my "patch" backup directory and add them to my "Patch-setup" script - before I patch I copy all changed files from the site with directory paths and replace them with these backups - If I need to, if the file name in not in the file.lst with the patch then the script by-passes the file. |
|||||||||
#15
|
|||||||
|
|||||||
Entire Store in HTTPS (Customers & Admin) ???
Hi all,
In this thread I was reading how to change the entire store to HTTPS. Can somebody shed some light on this. I think it is great, and have just made the changes to 3.4.11 and it works perfect so far. Why is this not common practice ??? Is this a performance thing ??? Will my Web Host provider complain ??? Please tell me why it should not be HTTPS.... Garry
__________________
All versions of X-Cart Been in eCommerce 10 years, Coding, PM, SEO, Social. X-Cart 11 years. IT 30+ years. Head of Web Dev for Australia's largest eCommerce 2 years. Attended conferences, Velocity 2009 US, CeBit 2009, MySQL 2010 US, Online Retailer 2010, Web 2.0 2011 US, MySQL 2012 US (Percona). Specialise in High Performance, High Volume, PHP, MySQL, HTML, CSS, JAVASCRIPT, SMARTY, MEMCACHED, APACHE, LIGHTTPD, FREEBSD, LINUX. Email your requests to xcart@gazwebtech.com |
|||||||
#16
|
|||||||||
|
|||||||||
HTTPS
You should only enable HTTPS on personal information and ADMIN functions that expose personal information. Encrypting everything sucks CPU so if you what your customers to have a snappy response only use HTTPS on personal information and ADMIN functions.
|
|||||||||
|
Thread Tools | Search this Thread |
|
|
|
|||
X-Cart forums © 2001-2020
|