Thread: admin ssl

  1. #1
    Registered User
    Join Date
    Aug 2005
    Posts
    46
    Squirrelcart version
    v2.3.2

    admin ssl

    Is it possible to make the admin section automatically use SSL? At least the login form. If you manually go to https it says there are some insecure items.

    thanks
    jason

  2. #2
    Client
    Join Date
    Jul 2006
    Location
    Dunfermline, Scotland, UK
    Posts
    21
    Squirrelcart version
    v2.3.2

    Bottom toolbar appears to be insecure

    Jason, did you get a response on this one?

    The bottom toolbar that appears in the Admin control panel seems to be the item that the browser reports as insecure. If you access the control panel using IE and click the "No" button when IE notifies you that the page contains both secure and insecure items, you will find the bottom toolbar disappears.

    I was looking into making the control panel access secured via SSL and ran into this same problem.

    Any members of the Squirrelcart team have an explanation of why this is?

    The other thing you will find is that when you click the "No" button in response to the "insecure items" notification, the page generates a Javascript error on loading complaining that an object is not present. I'm testing the V2.2.4 version of Squirrelcart prior to determining if it provides the features we want for a shop deployment.

  3. #3
    Client
    Join Date
    Jul 2006
    Location
    Dunfermline, Scotland, UK
    Posts
    21
    Squirrelcart version
    v2.3.2

    Think I've found it....

    OK, I think I've tracked down why the control panel complains about insecure items when you try to set it up to be accessed via SSL.

    In the file admin_header_inc.php, all references to the Javascript files which are pulled in to help with the dynamic menus et al, use the following reference:

    $SC['cart_www_root']

    This equates to:

    http://<hostname>/squirrelcart

    What I think you're looking for is another reference, which is:

    $SC['dyn_cart_root']

    This equates to:

    https://<hostname>/squirrelcart

    in the scenario where you want all the admin features accessible only over SSL.

    Perhaps one of the Squirrel guys can confirm or otherwise whether this is right.
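
The cause described in post #3 (script references built from an http:// root on a page served over https) can be checked mechanically. The following is an added example, not part of the thread or of Squirrelcart's code: it lists every subresource an HTTPS page would fetch over plain http. The host name, file names and sample markup are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that triggers a subresource fetch (<a href> is navigation).
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "frame": "src",
               "embed": "src", "object": "data", "link": "href"}
FETCHED_LINK_RELS = {"stylesheet", "icon"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url
        self.findings = []          # (line, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base = urljoin(self.base, attrs["href"])
            return
        value = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not value:
            return
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHED_LINK_RELS:
                return
        url = urljoin(self.base, value.strip())
        if urlsplit(url).scheme == "http":
            self.findings.append((self.getpos()[0], tag, url))

def find_mixed_content(page_url, html):
    """Return plain-http subresources referenced by a page served over https."""
    if urlsplit(page_url).scheme != "https":
        return []                   # mixed content only exists on https pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample (hostname and file names are made up for illustration).
SAMPLE = """\
<html><head>
<script src="http://shop.example/squirrelcart/js/menu.js"></script>
<script src="https://shop.example/squirrelcart/js/forms.js"></script>
<link rel="stylesheet" href="/squirrelcart/admin.css">
<link rel="canonical" href="http://shop.example/squirrelcart/">
</head><body><img src="//shop.example/squirrelcart/logo.gif">
<a href="http://shop.example/">store front</a></body></html>
"""
```

Calling `find_mixed_content("https://shop.example/squirrelcart/admin.php", SAMPLE)` reports only the first script tag; relative and protocol-relative references inherit https from the page and are not flagged.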

  4. #4
    Registered User
    Join Date
    Aug 2005
    Posts
    46
    Squirrelcart version
    v2.3.2

    Well actually I kinda forgot about this, but I just recently found a solution (for me anyway). I've been hearing about session hijacking and other security concerns (not specifically SC) and heard of people running their entire site in SSL. I liked the idea so I tried it by setting both the secure root and the non-secure root to https in the config file. So far so good, I'm about to switch my biggest client that's using SC over to that setup. The only downsides that I know of are it uses a little more server resources and SSL is really slow over some satellite internet connections. Maybe someone else has a thought on that.

    jason

  5. #5
    Squirrelcart Staff Jamie
    Join Date
    May 2002
    Posts
    6,829
    Squirrelcart version
    v3.3.7

    FYI - support for using SSL in the control panel is coming in the next release (v2.4.0?). It will be enabled by default, configurable on the Store Settings page in the control panel.
