Jump to content

Archived

This topic is now archived and is closed to further replies.

djoffe

Security Warning on Returning from Completed Paypal payment

Recommended Posts

I'm still in the middle of configuring things, but now have Paypal Standard working. However, after the paypal transaction completes, I get the following in a box titled security warning:

 

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

 

Are you sure you want to continue sending this information?

 

Is there something I can change about my configuration in oscommerce to stop this, as I think it might scare some customers. This message was seen with Firefox.

 

Thanks...

 

Dan

Share this post


Link to post
Share on other sites

You need to get a SSL Certificate, have it added and ssl enabled on your hosting and configure your cart to use SSL. (in the file includes/configure.php )

Share this post


Link to post
Share on other sites

Is this message happening on an osC SSL-protected page, or on a PayPal SSL-protected page? If the latter, is it right when you're supposed to be coming back to an osC page? If it's a page in osC that's supposed to be SSL-protected (it has 'SSL' in the tep_href_link call), and you do not have SSL set up on your site, that might have triggered the warning. Eventually, you have to link from an SSL page to a non-SSL page, so it must be a misconfiguration somewhere.

Share this post


Link to post
Share on other sites

I guess it is ssl related....when I "why no padlock" my page, it shows the attached screen shot...

post-321511-0-19559700-1369002748_thumb.png

Share this post


Link to post
Share on other sites

I don't understand what's going on. Is someone really looking at your /store/index.php? That should not be under SSL (https). Only selected pages which need the extra security (https) should be getting it, and do automatically when SSL is enabled in configure.php files.

Share this post


Link to post
Share on other sites

Hi Dan,

 

The issue can occur when a secure page is sending POST data or session data back to an insecure page. It is a browser level warning.

 

If you intall an SSL cert on your site and make sure oscommerce does things via the SSL then your cart will send a return URL to Pay PaL that is https. You won't see that warning any more because your customers will then be moving from an SSL protected location (Pay Pal) back to another secure location (your site) .

 

SSL certs are not too expensive, you should deffinatly have one anyway.

 

Best regards

 

Peter


e-Path

Accept credit cards online > safely process offline

Share this post


Link to post
Share on other sites

×