SSL Settings in admin/includes/configure.php
I just went through the tutorial about setting up SSL and it seems to be working fine. However I have a question about the settings for admin/includes/configure.php. After setting the proper https information for HTTPS_SERVER and for HTTPS_CATALOG_SERVER the next lines of code read:
// Use secure webserver for catalog module and/or admin areas?
At this point I have not changed either of those from 'false' to 'true' in the admin/includes/configure.php file...though of course I changed the ENABLE_SSL from false to true in the includes/configure.php file. And as far as I can tell my website is running fine.
Can anyone explain what is gained/lost by changing either or both of those items from false to true in the admin/includes/configure.php file?
Re: SSL Settings in admin/includes/configure.php
What is lost is that none of your communications with your Admin would be encrypted, in particular login, so you would risk somebody sneaking a look at your Admin password and gaining access to your customer data.
And links embedded in some customer emails, in particular those involved in the order processing process, would encourage customers to access their accounts in a non-secure way.
I'm not sure that anything is gained, except perhaps an almost inperceptible increase in the site's speed.
By nipinuk in forum Installing on a Linux/Unix Server
Last Post: 10 Dec 2009, 01:12 AM
Content and Graphics Copyright (c) 2003 - 2013 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC