Making part of my site secure



#1
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Salutations to you code gurus

A short time ago, I applied an SSL to my site, which together with the ".htaccess" file redirects from "http" to "https", however, a link on every page to Google Translator causes an "unsecure item" error in MSIE. I have been told that the SSL can only be applied to the whole site and not just a selected page within it, is that correct?

I would like to keep Google Translator, if possible, and I have noticed that other e-commerce sites have only their "checkout procedure" secure; the rest of the site just being normal "http", do you know how to achieve this?

Here is an example: https://www.onlinego...ckout/index.asp and
http://www.onlinegol...asket/index.asp

Is it possible to change the redirect so that only one page is redirected? This is the current code in the ".htaccess" file:

AddHandler x-mapp-php5 .php
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.mysite.com/$1 [R]

I have read on other sites that using absolute links (incorporating the "https" and "http") rather than relative links is important, but does that mean changing every link on every page accordingly?

Or is it a combination of both methods; an edited version of the .htaccess redirect and some changes of links on some pages only?

Thank you for helping me to understand this better and achieving the result I want.

Regards

Phil

Edited by Crustyoldbloke, 29 April 2010 - 10:51 AM.

  • 0



#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Hello fine sir. :)

1) Are you doing your own credit card processing? Have your own merchant account? Use a third party?

If you are using a third party, their site will handle all the SSL and security. If doing your own processing, you'll have to be extra diligent with security to keep your clients' credit info secure. This includes things such as keeping the security number from the back of the card on a different server than the credit card number. Generally, you'll need quite a bit of volume to justify processing your own credit. Consider Paypal, Google checkout, or one of the many other 3rd parties. You may pay a slightly higher fee, but there will be no monthly service charges, and you'll have fewer headaches.

2) If you do your own merchant account, I wouldn't recommend you make your entire site SSL. For one, it will slow the site. Instead, think of the SSL pages as a separate site. You'll need to copy all your images, CSS, etc for the SSL pages, and only use for the checkout/login pages.
  • 0

#3
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Topic Starter
  • Retired Staff
  • 15,130 posts
Thank you for the timely response Mr B

I will be using a merchant account and understand that a third party will provide the security to my customers for financial information, however, I will be using personal data (if they opt in to the scheme) and wanted to provide the security for them for that reason.

I am happy in my mind about what I want to achieve, but need to pick someone's brains on exactly how to do it.

As always, thanks for reading and replying.

Regards
  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Redirecting a single page is easy: Redirect 301 oldurl newurl

However, what I think you want to do is create a login page in SSL (https://) and then after successfully logging in, redirect them back to the http:// site.

I'm no expert on this, I muddle through as needed. I'm sure someone may come along and offer more advice. :)
  • 0

#5
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Topic Starter
  • Retired Staff
  • 15,130 posts
Well after a little light reading, I appear to be 99% there, but I have just one glitch to overcome.

What I did was quite simple really, I cancelled the redirect to https, so now the site is http only. However, since the certificate has been applied to the domain, simply by ensuring that ALL links pointing to "cart.php" are absolute and start with https.

Then all links on the "cart.php" page, pointing elsewhere are absolute and start with http. It works very well as you click links on any of the pages, with the padlock icon in the browser appearing at the right time.

The glitch comes when you order for real, for some reason (yet to be identified) the cart page does NOT get prefixed by https, just http instead, so that tells me that other links elsewhere in the database also point to the "cart.php" and I haven't found them to edit them.

This is the URL causing the problem:

http://www.MYSITE.com/cart.php?rp=https%3A%2F%2Fwww.MYSITE.com%2Fproducts.php%3Fcat%3D5

Is there a way of writing the absolute https link to the "cart.php" so that it includes anything that follows it, as does the bold type in the url above?

Thanks for any info.

Regards
  • 0

#6
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Not sure if this will work. You may need a conditional redirect rule:

RedirectMatch permanent ^/cart.php* https://www.MYSITE.com/cart.php

That should redirect a URL with "cart.php" anywhere in the URL to https://www.MYSITE.com/cart.php

Edited by admin, 30 April 2010 - 03:31 PM.

  • 0
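
An added example, not part of the original thread: a mod_rewrite variant of the ".htaccess" rule from post #1, narrowed so that only cart.php is redirected to https. It assumes the ".htaccess" file sits in the site's document root and reuses the port-443 test from the original rule; www.MYSITE.com is the placeholder host used in the thread.

```apache
RewriteEngine On

# Site-wide form from post #1 (every request is sent to HTTPS):
#   RewriteCond %{SERVER_PORT} !^443$
#   RewriteRule ^(.*)$ https://www.mysite.com/$1 [R]

# Single-page form: only plain-HTTP requests for cart.php are redirected.
RewriteCond %{SERVER_PORT} !^443$
# In .htaccess the pattern is matched without the leading slash, and the dot
# is escaped so it matches a literal "." only.
# The substitution contains no "?", so mod_rewrite appends the original
# query string (for example ?rp=...) to the target unchanged.
# R=301 makes the redirect permanent; L stops further rule processing.
RewriteRule ^cart\.php$ https://www.MYSITE.com/cart.php [R=301,L]
```

With this rule a request for cart.php over http, including whatever follows the "?", is answered with a redirect to the same path and query string on https; requests for other pages are not touched by it.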

#7
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Topic Starter
  • Retired Staff
  • 15,130 posts
You are probably right, I think that would work, but after much head scratching earlier, I decided to seek advice from the creators of the database software who kindly told me to add a line to the Admin side doing exactly what you suggest. :)

It is now a thing of beauty :)

Well Mr B, you told me it would be a learning curve, and you weren't joking. :)

Until the next time :)
  • 0





