| Author |
Message |
RebeccaMI
Newbie - Two Blades
Joined: 20 Sep 2006
Posts: 32
Location: southwest MI
|
 shopping cart security
Please bear with me if I sound like a moron... this is my first experience with shopping cart installation and management. (Everybody has to have a first time, right?)
I installed AgoraCart 4.0K-4b Standard on the website scs-matters.com using the "click to install" option in the website control panel. So far we're doing fine with adding products and whatnot but before we release the cart to the public for shopping, we want to make sure that it is secure. The hosting company says that we "need to redirect your payment page to the secure page at https://domainname/paymentpage". We have a page already on their shared SSL so that is taken care of. So my question is...
How do I redirect the payment page?
_________________ ~Rebecca S.
Sterling Designs
|
| Wed Sep 20, 06 10:50 am |
   |
|
scottcrew
Moderator
Joined: 13 Feb 2004
Posts: 7516
Location: The West Side of MI USA
|
You don't redirect to a payment page.
You use the SSL URL to the agora.cgi file in the manager -> Main AgoraCart Store Settings
AND
manager -> Payment Gateway (if using the Offline Gateway)
What is the URL to your store?
HTH!
_________________ God Bless!
Bonnie - AgoraCart Moderator
Get a Gold Membership
|
| Wed Sep 20, 06 11:22 am |
    |
|
RebeccaMI
Newbie - Two Blades
Joined: 20 Sep 2006
Posts: 32
Location: southwest MI
|
scottcrew wrote:What is the URL to your store?
http://scs-matters.com/agora/agora.cgi
scottcrew wrote:
You don't redirect to a payment page.
You use the SSL URL to the agora.cgi file in the manager -> Main AgoraCart Store Settings
AND
manager -> Payment Gateway (if using the Offline Gateway)
So I log in to the store manager and select Payment Gateway from the links at the top. About halfway down is a blank that says "Please enter the Secure URL to your agora.cgi store." I put the URL of the page we have on the host's shared SSL in that box? And what else do I change? I don't see an option for "Store Settings".
(Like I said, I'm new at this...)
_________________ ~Rebecca S.
Sterling Designs
|
| Wed Sep 20, 06 11:53 am |
|
|
scottcrew
Moderator
Joined: 13 Feb 2004
Posts: 7516
Location: The West Side of MI USA
|
Rebecca,
What is the shared SSL URL?
in the manager -> Payment Gateway
AND
manager -> Program Settings -> Main AgoraCart Store Settings
You put the SSL URL to the agora.cgi file it MUST be to the agora.cgi file.
Something like:
https://www.scs-matters.com/agora/agora.cgi
BTW, you have the store URL set up incorrectly in the manager,
you MUST have the www. at the beginning like:
http://www.scs-matters.com/agora/agora.cgi
HTH!
_________________ God Bless!
Bonnie - AgoraCart Moderator
Get a Gold Membership
|
| Wed Sep 20, 06 12:09 pm |
|
|
RebeccaMI
Newbie - Two Blades
Joined: 20 Sep 2006
Posts: 32
Location: southwest MI
|
scottcrew wrote:Rebecca,
What is the shared SSL URL?
It's https://oursecurewebsite.com/scs/
scottcrew wrote:
in the manager -> Payment Gateway
AND
manager -> Program Settings -> Main AgoraCart Store Settings
So I put the URL for the secure page in the appropriate blank on both those pages?
scottcrew wrote:You put the SSL URL to the agora.cgi file it MUST be to the agora.cgi file.
Something like:
https://www.scs-matters.com/agora/agora.cgi
Do I need to download, modify, and reupload the actual agora.cgi file?
scottcrew wrote:
BTW, you have the store URL set up incorrectly in the manager,
you MUST have the www. at the beginning like:
http://www.scs-matters.com/agora/agora.cgi
So you're saying I should be going to http://www.scs-matters.com/agora/protected/ and not http://scs-matters.com/agora/protected/ ? Or are you saying I need to change another setting? Most of the settings that are in there right now are "default" ones from the way the cart was installed by the cPanel.
_________________ ~Rebecca S.
Sterling Designs
|
| Wed Sep 20, 06 12:22 pm |
|
|
scottcrew
Moderator
Joined: 13 Feb 2004
Posts: 7516
Location: The West Side of MI USA
|
Rebecca,
I'm not talking about accessing the store manager...
I'm talking about the store URLs that are set INSIDE the
manager -> Program Settings -> Main AgoraCart Store Settings
The SSL URL you posted doesn't seem to work...
Who is your webhost?
HTH!
_________________ God Bless!
Bonnie - AgoraCart Moderator
Get a Gold Membership
|
| Wed Sep 20, 06 12:43 pm |
|
|
RebeccaMI
Newbie - Two Blades
Joined: 20 Sep 2006
Posts: 32
Location: southwest MI
|
scottcrew wrote:Rebecca,
I'm not talking about accessing the store manager...
I'm talking about the store URLs that are set INSIDE the
manager -> Program Settings -> Main AgoraCart Store Settings
The SSL URL you posted doesn't seem to work...
Who is your webhost?
OK so I am here:
And I think that specifically I need to be changing some things in this part of the page:
Right?
The SSL works but there was no index page there, so I put one in just so no one would go messing around. The pages that we actually use on there are like this one: https://oursecurewebsite.com/scs/secure-order-form.shtml and even that is a work in progress. We stopped working on that page when we decided to go "whole hog" and install the shopping cart.
Sorry if I'm being dense and making this more difficult than it needs to be. I'm just so afraid of screwing something up!
_________________ ~Rebecca S.
Sterling Designs
|
| Wed Sep 20, 06 1:03 pm |
|
|
scottcrew
Moderator
Joined: 13 Feb 2004
Posts: 7516
Location: The West Side of MI USA
|
Rebecca,
Is the SSL on a separate server?
If so, you will need to install and run the entire store on the SSL server in SSL.
HTH!
_________________ God Bless!
Bonnie - AgoraCart Moderator
Get a Gold Membership
|
| Wed Sep 20, 06 1:22 pm |
|
|
RebeccaMI
Newbie - Two Blades
Joined: 20 Sep 2006
Posts: 32
Location: southwest MI
|
The shared SSL and the regular hosting are both provided by a company called 123eHost.com. This is how the conversation has gone so far:
I asked: " What can you tell us about shopping cart security? We have installed the Agora cart on scs-matters.com but we'd like to have security for the page where customers enter their sensitive information like credit card numbers. I know that tech support for the shopping cart itself is not something that you normally offer, but we are wondering if you might still be able to help us with the security issue."
They replied: " You would need to redirect your payment page to the secure page at https://domainname/paymentpage. Of course, you would need to purchase a secure certificate from a 3rd party company such as Thawte.com or instantssl.com. First you would need to fill out the form at https://www.123ehost.com/123ehost/sslsetupfee.htm We would need to transfer the account into a unique ip address; it costs $25/year. In 24 hours we would send you an SSL Certificate Signing request. You will need take this and give it to the 3rd party Certificate Company and then they will provide you with the actual Cert which we would need to install it on your account."
Do you think it would make more sense at this point to pay for our own SSL certificate (like they are talking about above)? I don't know what else to do because I do not know if I am able to installed and run the cart on the shared SSL server (oursecurewebsite.com/whatever)...
_________________ ~Rebecca S.
Sterling Designs
|
| Wed Sep 20, 06 1:38 pm |
|
|
scottcrew
Moderator
Joined: 13 Feb 2004
Posts: 7516
Location: The West Side of MI USA
|
Rebecca,
That is something that needs to be discussed with the web host...
_________________ God Bless!
Bonnie - AgoraCart Moderator
Get a Gold Membership
|
| Wed Sep 20, 06 1:49 pm |
|
|
RebeccaMI
Newbie - Two Blades
Joined: 20 Sep 2006
Posts: 32
Location: southwest MI
|
While waiting for the host to answer the question of whether we can install Agora in our area of the shared SSL, I looked briefly into the costs of buying our own SSL certificate. Thawte charges $149 for one year or $259 for two years for their entry level (read: most affordable) product. The $25 fee isn't so bad, but the cost of the certificate seems very high in view of SCS's online sales. So now the client wants to know if there is a way to keep the Agora program on the main server with the website and simply transfer the customer to the page on the shared SSL server for the actual check-out procedure where personal information (credit card number, etc.) is collected?
I'm guessing not, but it doesn't hurt to ask.
_________________
~Rebecca S.
Sterling Designs
|
| Thu Sep 21, 06 11:33 am |
|
|
scottcrew
Moderator
Joined: 13 Feb 2004
Posts: 7516
Location: The West Side of MI USA
|
Nope, if SSL is on a separate server, the entire store must be run on that server.
There are SSL certs out there for less than $30.00...
We have some webmaster resources at:
http://resources.scottcrew.com/host.htm
HTH!
_________________ God Bless!
Bonnie - AgoraCart Moderator
Get a Gold Membership
|
| Thu Sep 21, 06 12:10 pm |
|
|
Dan
Guest
|
you need to change the store url in the main agoracart store settings to:
http://www.scs-matters.com/agora/agora.cgi
change all of your harcoded links, bookmarks and etc to that url. be sure to change your bookmarks to the store manager to...
http://www.scs-matters.com/agora/protected/manager.cgi
after you change the store url you will get kicked out of the manager sooner or later. usually when trying to save more settings. this is normal as the cookie will be different for the url. just log back into the manager. your store will set a new cookie for the url with the www.
i suggest you find another hosting company. rule of thumb is if they do not offer a shared ssl for you to use then they are not e-commerce oriented. howerver, if you're happy with them and you want a branded ssl and want the additional expense then go for it.
be sure to tell them you need two periods in the ssl url. your branded ssl url should be something like this...
https://secure.scs-matters.com
and not...
https://scs-matters.com
d
|
| Thu Sep 21, 06 11:23 pm |
|
|
|
|
