1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

whole site run through SSL vs just the checkout process

Discussion in 'Security' started by aksfinest, Dec 17, 2006.

0
  1. #1
    What are your opinions? Should my entire website run through SSL or just the checkout process?

    Also how hard is it to implement SSL on an existing site? I have been waiting weeks for my developer to get SSL implemented with my site and I just do not know what is taking so long.
     
    aksfinest, Dec 17, 2006 IP
  2. Corey Bryant

    Corey Bryant Texan at Heart

    Messages:
    1,126
    Likes Received:
    51
    Best Answers:
    0
    Trophy Points:
    0
    #2
    I would just say the checkout process - most usually start when they ask for your name, etc. Usually there is no need to encrypt the cart itself because this could actually slow your site down due to the code being encrypted etc (I am surprised the web developer did not tell you this).
     
    Corey Bryant, Dec 17, 2006 IP
  3. aksfinest

    aksfinest Peon

    Messages:
    148
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    0
    #3
    I really appreciate the advice Corey, so if only the personal info is encrypted then it really shouldn't take a great deal to implement I assume?
     
    aksfinest, Dec 17, 2006 IP
  4. Corey Bryant

    Corey Bryant Texan at Heart

    Messages:
    1,126
    Likes Received:
    51
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Right - the personal and credit card information. I think it was Staples website the other day. When I hit checkout, it directed me over to their secure site. When I went back to add more items - I was directed to a non-ssl page

    Usually this is better and easier. A lot of times, merchants put extra scripts in their site and so that might be why it is taking so long. For example, you have to call everything via https://.

    There are some sites that I have noticed during the checkout process that if I decide to go back that I am in an SSL.

    As far as implementing - it depends on how the cart is built etc. If, for example, you are using a shared footer and have the Google analytics code in there, in non-ssl you use something like 
    		<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">	
		</script>
		<script type="text/javascript">
		_uacct = "UA-XXXXXX-2";
		urchinTracker();
		</script>
    Code (markup):
    and in SSL you use something like 
    		<script src=" https://ssl.google-analytics.com/urchin.js" type="text/javascript">
		</script>
		<script type="text/javascript">
		_uacct = "UA-XXXXXX-2";
		urchinTracker();
		</script>
    Code (markup):
    so instead of changing the footer on certain pages, we just used an if-then statement to use the correct JS code. This could be what is holding him / her up - trying to determine what is the best way to do this.
     
    Corey Bryant, Dec 17, 2006 IP
  5. aksfinest

    aksfinest Peon

    Messages:
    148
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Gotcha, I really appreciate the response. I didnt want to go making demands or assumptions about something I know nothing about, the cart I use is custom so that may complicate things.
     
    aksfinest, Dec 17, 2006 IP
  6. Corey Bryant

    Corey Bryant Texan at Heart

    Messages:
    1,126
    Likes Received:
    51
    Best Answers:
    0
    Trophy Points:
    0
    #6
    No worries. It really depends on a lot with the code but I there is really no need to have your entire cart encrypted. Good luck with it.
     
    Corey Bryant, Dec 17, 2006 IP