ONLY the login is secure in admin,
so this is normal.
ONLY the login is secure in admin,
so this is normal.
Zen cart PCI compliant Hosting
You can thank the legacy code for that
Zen cart PCI compliant Hosting
that can't be??? SSL for the login then reverting back to non-encrypted for the rest of the admin area. This particularly poses a problem for the backing-up of the Zen Cart Database as we are required to do this encrypted as it will contain customer credit card details!!!
What a joke! I apreciate this product is free, but I'm struggling to believe that such a mature application hasn't addressed this potential security hole.
Can someone confirm that the admin area does not have encryption/https apart from the login?
leeasteadman,
I thought I already did that,
ONLY the login in admin is https,
and you are NOT supposed to store cc numbers in the DB,
last I checked ZC Dosnt do this, it stores the first 4 and last 4 the rest get emailed to you,
it has been stated that when the admin is rewritten 1.5 or 1.6 (I dont remember off the top of my head), that this will be addressed,
however remember this projust started off as OSC and they dont even have a login for the admin,
you can always just use the https:// in your admin configure.php file,
there is a way to do this, but for the most part is NOT really needed.
Zen cart PCI compliant Hosting