Jump to content

Archived

This topic is now archived and is closed to further replies.

BGTFICA

Should I use https over entire site or catalog

Recommended Posts

No, you shouldn't. There are threads here on this topic that go into detail as to why you shouldn't so you can look at those if you want to read more on it.

Share this post


Link to post
Share on other sites

No, OSC is set up to use https when it is required.

 

cheers

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

Use OScommerce as its meant to be used, and only secure the pages that need it.


REMEMBER BACKUP, BACKUP AND BACKUP

Get the latest Responsive osCommerce CE (community edition) here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites

SSL noticeably slows down page transmissions and responses. Unless you have a product line that people would be extremely embarrassed to be caught shopping in (by someone snooping on their transactions), or it's something required by government regulations (say, by HIPAA for products that would reveal medical information, such as your new Spring line of colostomy bags), additional security isn't needed. osC already uses SSL where it's generally agreed that it's necessary. If there are additional pages where you feel that SSL is needed, feel free to bring up the matter here, or just change the code yourself.

 

Note that if you plan to handle customer credit cards (through a payment gateway and merchant account), putting the whole site under SSL is still unnecessary. There are many security hurdles you have to jump to be PCI-DSS compliant, but SSL is required only in certain places.

 

I seem to recall being told that some search engines may not explore HTTPS pages, so you may be cutting yourself out of search engine listings by doing this. Can anyone confirm this?

Share this post


Link to post
Share on other sites

@@MrPhil They can, and do, look at secure pages if they are allowed to. For pages like login and checkout... they should be blocked so those won't present a problem. But if the whole site is setup to use ssl, then the home page, and others, would present two versions of the same page and the danger of duplicate content occurs.

Share this post


Link to post
Share on other sites

×