Is it possible to secure the contact us page or any certain page with SSL?
Is it possible to secure the contact us page or any certain page with SSL?
What's the point? The contact-us message is sent by email, which is the least secure communications method available. So, protecting the Contact-Us page with SSL would be pointless from a security perspective.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
I could see a benefit to this if the contact us page has been extended to collect additional and personal or commercially sensitive information, since it submits back to itself, but only if you have encrypted email between your server and wherever you receive the mail.
In this case you would need to find all instances of zen_href_link(FILENAME_CONTACT_US) and change them to zen_href_link(FILENAME_CONTACT_US, '', 'SSL')
But you'd then need to maintain those changes (and there's quite a few of them) through future upgrades. So I would double check against DrByte's point and make sure that you really do have a sufficiently secure infrastructure and a really valid benefit for doing this before going ahead.
Last edited by kuroi; 23 Apr 2011 at 11:40 AM.
Kuroi Web Design and Development | Twitter
(Questions answered in the forum only - so that any forum member can benefit - not by personal message)
I can't get the Contact US page to work, it crashes, since everything else is SSL. HOW DO I GET IT TO BE SSL.
Read kuroi's post #3Originally Posted by PatriciaWhipp
1 reason would be that it is required by law in The Netherlands that the contact us page should be in SSL.
I came, I saw, I got zenned... :)
Can you please provide references (preferably in English) to this law and its scope?1 reason would be that it is required by law in The Netherlands that the contact us page should be in SSL.
Please do not PM for support issues: a private solution doesn't benefit the community.
Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.
I saw something just yesterday about that, can't find it now of course
http://www.networking4all.com/en/ssl...l+obligations/
Webzings Design
Semi retired from Web Design
So - here's the act/proclamation/law that the company promoting their SSL certificates is touting ... We'll review it.
http://www.dutchdpa.nl/Pages/en_ind_wetten_wbp_wbp.aspx
Please do not PM for support issues: a private solution doesn't benefit the community.
Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.
Article 13 is the article from which through jurisprudence has been derived that SSL is mandatory for all pages on a website that transmits personal information.
Basically that law states that whenever personal information (name, address etc. ) is transmitted from an individual to a webshop that this transmission has to be as safe as possible taking into account that the technical solutions to do this is widely available and affordable for the average webshop owner.Article 13
The responsible party shall implement appropriate technical and organizational measures to
secure personal data against loss or against any form of unlawful processing. These measures
shall guarantee an appropriate level of security, taking into account the state of the art and the
costs of implementation, and having regard to the risks associated with the processing and the
nature of the data to be protected. These measures shall also aim at preventing unnecessary
collection and further processing of personal data.
Although this law is not (yet) being enforced actively, it could be used as a stick to beat some more.
Last edited by eentje; 31 Aug 2011 at 11:11 PM.
I came, I saw, I got zenned... :)