Hi All, I could do with some advice on designing a simple e-commerce site!

 

I want a secure area (https) to contain my login scripts and customer account pages.

I have been told the best practice for this is to purchase a new domain e.g. secure.domain.com and to buy a valid ssl certificate.

 

I have files, such as images and javascript files that I want to share between the secure and unsecure pages.

 

On my server, these two sites will need two separate directories. E.g.

 

/var/www/
  unsecured-site/
    images/
    jsscripts/
    index.php
    ...
  secured-site/
    index.php
    ...

 

I heard that if I symlink the image directory (and javascript directory, etc) from the non-secured site to the secured site, then users would not get any warnings about mixed security contents. Is this true?

 

Are my overall thoughts above about how to design this website valid? Anything to add?

 

I'm sure someone with more https experience can confirm mine or give you a more accurate answer but as far as I know:

 

1) switching back and forth between http and https WILL generate browser warnings

2) I personally think it compromises the site's security overall (if you transmit any kind of sensitive info over http) - but I have no concrete source to back me on this one

3) the domain doesn't really matter, it's the hosting that does.  if you really want to make it as secure as possible DON'T get shared hosting.  and if you must, get all the extra bells and whistles you can as far as SSL, unique IP, etc.  but really, getting a dedicated server is the correct thing to do.

 

there might be a loophole you can explore using iframes and ajax to load the js, css and images from a non https location (again no info to back this up sorry) but either way if you're gonna use ajax in the first place you should really go 100% SSL.

 

so just merge that directory structure and you're good to go! :)
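
Added example, not part of either post above: a browser decides whether content is mixed from the URL scheme each subresource resolves to, not from where the file sits on disk, so a symlinked directory referenced by a relative path loads over https while an absolute http:// reference is flagged. The Python script below resolves a page's references the way a browser does and lists the ones that end up on http://; the host names, paths and sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that fetch a subresource. "active" content can script the page,
# "passive" content is only displayed.
SUBRESOURCES = {("script", "src"): "active", ("iframe", "src"): "active",
                ("link", "href"): "active", ("img", "src"): "passive",
                ("audio", "src"): "passive", ("video", "src"): "passive"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # <base href> changes how later relative URLs resolve
            self.base = urljoin(self.base, attrs["href"])
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # this check covers stylesheet links only
        for (name, attr), kind in SUBRESOURCES.items():
            value = attrs.get(attr)
            if name == tag and value:
                url = urljoin(self.base, value.strip())
                if urlsplit(url).scheme == "http":
                    self.findings.append((kind, tag, url))

def find_mixed_content(html, page_url):
    """List (kind, tag, url) for http:// subresources of an https page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on pages loaded over https
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample: a page on the secure host (host names are assumptions)
SAMPLE_PAGE = """
<link rel="stylesheet" href="/css/site.css">
<img src="/images/logo.png">
<script src="//domain.com/jsscripts/menu.js"></script>
<script src="http://domain.com/jsscripts/cart.js"></script>
<img src="http://domain.com/images/banner.png">
"""

if __name__ == "__main__":
    for finding in find_mixed_content(SAMPLE_PAGE, "https://secure.domain.com/index.php"):
        print(finding)
```

Only the two absolute http:// references are reported; the relative paths and the protocol-relative `//domain.com/...` reference inherit https from the page.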
