SSL online shop
Discussion
Anyone know anything about setting up an online shop? Must have SSL encrption etc for online orders, who does hosting etc. I already have a web desinger lined up but they have not done SSL before, I could probably do this bit with some guidance, just need to know of any special requirements for the hosting etc.
Do you need to do the secure bit yourself? There are plenty of companies offering facilities to do that bit for you. e.g. www.worldpay.co.uk
Agree with what ted said, even when you've got the SSL out of the way (simple enough, once you've got a certificate most hosts will install it and set up the connection, with my hosting company its only a case of paying an extra £1/month per extra IP address) you then have to go through all the hassle of sorting out a new merchant account (you'll need a new merchant number for your online dealings) and a payment processor. By using worldpay all this is sorted out by them, you can even skin the payment page so it looks the same as the rest of your site, the only difference will be the URL (select.worldpay.com)
It costs a bit more per transaction but will work out cheaper until you get to a high level of transactions.
By the way if you do choose to do it yourself then don't limit your security to encrypting the data in transit (i.e encrypt databases, keep sensitive files in non-web accessible directories etc), one of the worse cases of this I found was a company selling camping gear, they left all their customers details text files in an open directory, I literally stumbled across them!
>> Edited by rpguk on Friday 8th August 16:04
It costs a bit more per transaction but will work out cheaper until you get to a high level of transactions.
By the way if you do choose to do it yourself then don't limit your security to encrypting the data in transit (i.e encrypt databases, keep sensitive files in non-web accessible directories etc), one of the worse cases of this I found was a company selling camping gear, they left all their customers details text files in an open directory, I literally stumbled across them!
>> Edited by rpguk on Friday 8th August 16:04
The only special requirement you need is SSL module to be loaded.
For IIS its simple.
For Apache, there are two options, use ApacheSSL (An ssl compiled version of apache) or, if you have an existing apache setup you would like ot keep (mod_php./jsp etc already on) then just use mod_ssl.
Its rather simple to install, and can even be done without a recompile of apache if you know how
Then its just a case of getting an ssl cert (I can have one in 15 mins) and making the appropriate changes to the apache conf.
It all sounds hard, but thats why you pay your hosts money so you can get them to help.
Once up, its just a case of referencing https as opposed to http (you should make sure any links to local files are not literal, but instead dynamic.. ie DONT use www.yoursite.com/images/logo.png, but instead use /images/logo.png.. else you will get Security Warnings appear, and the Padlock will go :! )
If you need any help, just ask
For IIS its simple.
For Apache, there are two options, use ApacheSSL (An ssl compiled version of apache) or, if you have an existing apache setup you would like ot keep (mod_php./jsp etc already on) then just use mod_ssl.
Its rather simple to install, and can even be done without a recompile of apache if you know how
Then its just a case of getting an ssl cert (I can have one in 15 mins) and making the appropriate changes to the apache conf.
It all sounds hard, but thats why you pay your hosts money
so you can get them to help. Once up, its just a case of referencing https as opposed to http (you should make sure any links to local files are not literal, but instead dynamic.. ie DONT use www.yoursite.com/images/logo.png, but instead use /images/logo.png.. else you will get Security Warnings appear, and the Padlock will go :! )
If you need any help, just ask
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff