Results 1 to 6 of 6

Hybrid View

  1. #1
    Join Date
    Nov 2003
    Posts
    1,155
    Plugin Contributions
    0

    Default Forced SSL - possible ?

    Even if you have all your configure.php settings turned on for SSL, it seems that the user can still switch a page to non-secure if they put their cursor into the address bar, delete the "s" in https, and then refresh the page.

    Is there a way to force an SSL connection even if an insecure page is called for any reason?

    Perhaps something in the .htaccess file maybe? Like, "If this is not a secure address, convert it to a secure address"

    Many thanks :)

  2. #2
    Join Date
    Sep 2003
    Location
    Ohio
    Posts
    69,402
    Plugin Contributions
    6

    Default Re: Forced SSL - possible ?

    They only hurt themselves ... what exactly are the concerns here?
    Linda McGrath
    If you have to think ... you haven't been zenned ...

    Did YOU buy the Zen Cart Team a cup of coffee and a donut today? Just click here to support the Zen Cart Team!!

    Are you using the latest? Perhaps you've a problem that's fixed in the latest version: [Upgrade today!]
    Officially PayPal-Certified! Just click here

    Try our Zen Cart Recommended Services - Hosting, Payment and more ...
    Signup for our Announcements Forums to stay up to date on important changes and updates!

  3. #3
    Join Date
    Nov 2003
    Posts
    1,155
    Plugin Contributions
    0

    Default Re: Forced SSL - possible ?

    Was just thinking that if SSL could be forced that it would add a little security for the site owner, too.

  4. #4
    Join Date
    Sep 2003
    Location
    Ohio
    Posts
    69,402
    Plugin Contributions
    6

    Default Re: Forced SSL - possible ?

    If you set the code to secure all around it will run that way ...

    If customers change the URL to not be secure it will hit for the one link ... but then switch again on next click ...

    I am not sure that customers would gain anything doing this ...

    As to a full secure site you run the risk of a much slower site for pages that do not need to be secure ...
    Linda McGrath
    If you have to think ... you haven't been zenned ...

    Did YOU buy the Zen Cart Team a cup of coffee and a donut today? Just click here to support the Zen Cart Team!!

    Are you using the latest? Perhaps you've a problem that's fixed in the latest version: [Upgrade today!]
    Officially PayPal-Certified! Just click here

    Try our Zen Cart Recommended Services - Hosting, Payment and more ...
    Signup for our Announcements Forums to stay up to date on important changes and updates!

  5. #5
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: Forced SSL - possible ?

    Actually, if a page is only COLLECTING information, then it doesn't matter if they override the URL and view the page in non-SSL mode, since clicking the submit button will still transmit via SSL (of course, this assumes your site normally operates in SSL modes).
    However, if they choose to display their account information in a non-SSL manner, it's only them that is being injured by sending their personal information for display.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  6. #6
    Join Date
    Nov 2003
    Posts
    1,155
    Plugin Contributions
    0

    Default Re: Forced SSL - possible ?

    Thanks, Ajey and Dr. :-)

 

 

Similar Threads

  1. v138a Possible Scripting Issue with SSL
    By CobraPlant in forum General Questions
    Replies: 8
    Last Post: 6 Jan 2012, 03:18 AM
  2. When Might SSL-Only Access Be Possible ???
    By jman in forum Basic Configuration
    Replies: 5
    Last Post: 18 Jul 2011, 06:06 PM
  3. Possible SSL problem?
    By whiteboxer in forum Basic Configuration
    Replies: 2
    Last Post: 30 Jan 2010, 12:46 AM
  4. Is SSL smtpauth possible?
    By DogTags in forum General Questions
    Replies: 0
    Last Post: 23 Feb 2009, 03:49 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg