To https or not https ?

[sfinlay]

Hi
I'm trying to set up zencart for the first time. Before I start can anyone help with the following.

Do I have to have some secure web space (https) to use zencart or is it possible to use it with "normal" web space ?
I'm setting up a small website for a local theatre group, hoping to sell some merchandise etc with the idea of using paypal to process transactions.
I thought paypal would do this securely at their end so there would be no need to have secure web space on my site.
Any thoughts appreciated

[Vger]

Full ssl certs are so cheap these days that there's really no excuse for not having a cert. Most hosting companies provide decent shared ssl certs as part of the package at no extra cost if you don't want to spend $20-30 on a full ssl cert.

I would never do business with an online site that did not protect my account login details and account information with encryption.

Vger

[DrByte]

If all you're doing to collect payment is using paypal, then you don't need protection for client CC information ... BUT you are still collecting customer name, address, phone, email, etc ...... and people-in-the-know will be appreciative of knowing that you are protecting their personal information with SSL encryption.

Also, don't buy a 40-bit encryption certificate... those are obsolete nowadays. Go for 128-bit.

[Vger]

Also, don't buy a 40-bit encryption certificate

I didn't know anybody was still selling them

Vger

[sfinlay]

Thanks for the comments folks.

I was just curious as to whether it was essential to have some secure web space for Zencart to work properly. From what you say it looks like you don't need to, so that's fine as I can muck about with zencart before I get down to selling anything.

[FluffyTigger]

I didn't know anybody was still selling them

Vger

They don't, the encryption strength is auto-negotiated between the Server and Browser. You usually get AES-256 bits with FireFox and an updated Apache. The certificate is only used as an encryption and decryption keys.

[sfinlay]

I've had alook around and came across www.prontossl.com
They seem to offer very cheap deals. Has anyone heard of this company?

Just one quick question. Not entirely sure how this ssl malarky works. If I was using e.g. paypal to process customer payments would I still need to have some actual secure webspace to go with an SSL certificate or would I just need a certificate on its own?