Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

Security Warning on Returning from Completed Paypal payment

djoffe

By djoffe
in Security

Recommended Posts

djoffe

djoffe

Posted
Posted

I'm still in the middle of configuring things, but now have Paypal Standard working. However, after the paypal transaction completes, I get the following in a box titled security warning:

 

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

 

Are you sure you want to continue sending this information?

 

Is there something I can change about my configuration in oscommerce to stop this, as I think it might scare some customers. This message was seen with Firefox.

 

Thanks...

 

Dan

Link to comment
Share on other sites
toyicebear

♥toyicebear

Posted
Posted

You need to get a SSL Certificate, have it added and ssl enabled on your hosting and configure your cart to use SSL. (in the file includes/configure.php )

Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To

 

To see what more i can do for you check out my profile [click here]

Link to comment
Share on other sites
MrPhil

MrPhil

Posted
Posted

Is this message happening on an osC SSL-protected page, or on a PayPal SSL-protected page? If the latter, is it right when you're supposed to be coming back to an osC page? If it's a page in osC that's supposed to be SSL-protected (it has 'SSL' in the tep_href_link call), and you do not have SSL set up on your site, that might have triggered the warning. Eventually, you have to link from an SSL page to a non-SSL page, so it must be a misconfiguration somewhere.

Link to comment
Share on other sites
MrPhil

MrPhil

Posted
Posted

I don't understand what's going on. Is someone really looking at your /store/index.php? That should not be under SSL (https). Only selected pages which need the extra security (https) should be getting it, and do automatically when SSL is enabled in configure.php files.

Link to comment
Share on other sites
  • 1 month later...
e-Path

e-Path

Posted
Posted

Hi Dan,

 

The issue can occur when a secure page is sending POST data or session data back to an insecure page. It is a browser level warning.

 

If you intall an SSL cert on your site and make sure oscommerce does things via the SSL then your cart will send a return URL to Pay PaL that is https. You won't see that warning any more because your customers will then be moving from an SSL protected location (Pay Pal) back to another secure location (your site) .

 

SSL certs are not too expensive, you should deffinatly have one anyway.

 

Best regards

 

Peter

e-Path

Accept credit cards online > safely process offline

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...