Joomla and Shopping Cart without HTTPS - joomla

I have a new client whose website is having all kinds of problems (I'm just coming into the situation now). It's a Joomla site with a VirtueMart shopping cart, but when I'm using the shopping cart, it doesn't appear to be using https. I'm a novice when it comes to shopping carts, but I would think this is a critical issue. Isn't this really, really bad?!? Or is it a feature of Joomla and VirtueMart?

When dealing with payments online, it's always best to use HTTPS as I assume you know it's more secure. There could be a few reasons why it hasn't been used on your client's site, such as: good SSL certificates are quite expensive (especially if you're on a budget), it decreases site performance, the person who developed it might not have any idea about SSL certificates. Either way, I would recommend you get your client to purchase an SSL certificate.

Related

Square E-commerce Api integration to clients website

Sorry if this is a simple question but I am trying to understand the best way to do this and I am new to Square development. I have a customer who has the Square chip card reader device on their cell phone and they are taking credit cards today. They also have a website which is using an oscommerce shopping cart and authorize.net gateway for processing orders on their website. What they want to do is just use Square and change the website so it integrates with their existing Square account. I understand the basic process of how to do this with the E-commerce API but I am a little confused on the developer / merchant credentials.
This is a one-off development for them so I do not think I want to use the OAuth method.
If they are a merchant today, do they have to sign up under the developer area and create an app using the Application Dashboard so that they have a personal access token and application ID that I would use on their website? (I already signed up and have a developer account.)
What information about a sale is shown on their Square account once I integrate the secure SqPaymentForm payment form onto their website? Today all the details on the order are in the shopping cart, such as what the customer ordered, the shipping address etc. Is this now going to appear on the Square account for them or do I still need to maintain this information in the shopping cart? It would be good if they could use a single interface such as the Square account.
Thanks for your help.
If you don't want to use OAuth, you'll have to have the merchant go to the Square Developer Portal and give you their personal access token and application ID.
There are many different ways you can implement an online store, so where the information lives is all up to you. You probably want to keep your existing shopping cart functionality and just implement Square for the payments, as that will likely be easiest and ensure you have all the data you want.

How to get Magento multistore to work with a Facebook app

I set up the Facebook Connect extension on my Magento store, which allows customers to log in to the store with their Facebook account. After filling in the API key and API secret in Magento and configuring the site URL in Facebook apps, the extension worked perfectly. However, if I switch to another store (with another domain), it won't work anymore. Is there a way to have Magento connect to Facebook without matching the site URL?
Here is where I got the extension from: http://inchoo.net/ecommerce/magento/facebook-connect-magento-extension/
I'm not fully aware of how that Magento app works internally; however, what I would say is that Facebook, strictly speaking, does not allow apps to work across multiple different URLs. You can add multiple subdomains, however.
There is also some unsupported functionality allowing you to run apps across different domains, detailed in this question, though it's worth remembering that this is unsupported.
The Facebook docs have some more info on "App Domains", and how they should be configured.

Installing SSL certificate in Magento?

I must install an SSL certificate for my Magento store and I have a question:
Is it better to install the SSL certificate in a subdirectory or in the main domain? (Ex: store.domain.com or domain.com)
My doubt is whether installing on the primary domain (domain.com) could harm the SEO ranking in Google, since the site will now respond with https?
Or does Magento handle this and load the https pages only when necessary, like in the cart pages?
Magento can use https only for certain pages (they are checkout, customer account and admin panel), but it depends on configuration. Please see the Web→Secure→Base URL config option. You probably want to set the base URL as http://www.foo.com/ and the base secure URL as https://www.foo.com/.

SSL: use on any page or just on login and several more forms?

OK, I thought an SSL certificate should be used on the pages that have some sensitive information displayed and on the login page, change password pages and so on.
But on this thread, "SSL Certificate. For which pages?", that was opened about 6 months ago, the best recommendation according to votes was to use an SSL certificate for absolutely all pages on the web-site, even for the About page. Well... If you have a news web-site and some users have a login page and pay for advanced subscription, but you are among those users, do you read news with an SSL certificate? :)
1) The first question: I've never seen a web-site with http on the About page. Can I doubt that recommendation is the best one?
2) The second question: Why doesn't eBay follow those rules to have an https connection on every page? I see they show an SSL certificate only at the login page and never before you log in. After you log in, you see http, not https. What's their point?
3) If you actually have page A for guests and page B for logged-in users and page C as a "sign in page" and page D as registration, would you recommend using SSL for pages B, C, D, but not for A?
Thank you.
SSL flows both ways. You need to worry not only about the secrets transmitted from server to client, but also about the secrets transmitted from the client to the server. Amongst other things, the latter group includes commonly used client identification mechanisms like basic authentication headers, authentication cookies, and session cookies for authenticated sessions. It is possible to set things up so that such information is not transmitted from the client for certain pages, in which case it becomes safe to load them over HTTP. However, the mechanisms for doing so can be complex to maintain and require strict and ongoing auditing. Unless you are willing to make that effort, you should be using HTTPS for all pages that an authenticated user can possibly visit.
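The kind of audit the answer above calls for can be sketched as follows. This is an added example, not part of the original answer: it models which cookies a browser would attach to each page request and reports the sensitive ones that would leave over plain HTTP. The cookie names, the shop.example URLs and the choice of which cookies count as sensitive are constructed assumptions, and the Domain attribute is not modelled (all pages are assumed to be on one host).

```python
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie headers a site might issue at login.
SET_COOKIE_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly",           # no Secure flag
    "auth_token=xyz789; Path=/; Secure; HttpOnly",  # HTTPS only
    "acct=q1w2e3; Path=/account; HttpOnly",         # path-scoped, no Secure
    "theme=dark; Path=/",                           # not a secret
]
# Assumption: which cookie names carry authentication state.
SENSITIVE = {"SESSIONID", "auth_token", "acct"}

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, {"secure": "secure" in attrs, "path": attrs.get("path") or "/"}

def path_matches(cookie_path, request_path):
    """Path-match rule from RFC 6265, section 5.1.4."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def cookies_sent(headers, url):
    """Names of the cookies a browser would attach to a request for url."""
    target = urlsplit(url)
    sent = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if attrs["secure"] and target.scheme != "https":
            continue  # Secure cookies never travel over plain HTTP
        if path_matches(attrs["path"], target.path or "/"):
            sent.append(name)
    return sent

def audit(headers, urls):
    """List (url, cookie) pairs where a sensitive cookie goes out in cleartext."""
    return [(url, name) for url in urls if urlsplit(url).scheme == "http"
            for name in cookies_sent(headers, url) if name in SENSITIVE]

# Constructed site map: a guest page, an account page and the login page.
PAGES = ["http://shop.example/about", "http://shop.example/account/orders",
         "https://shop.example/login"]
```

Scoping a cookie by path alone keeps it off the guest page, but a single plain-HTTP link into the scoped area still exposes it, which is why the audit has to be repeated whenever pages or cookies change.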
I haven't read what was said on that link, but I wouldn't agree. SSL does have a performance hit, so using it for everything, just because you can, wouldn't make any sense. As with everything else in technology, use it sparingly.

What does 302 redirects as filters mean?

I have a hosting account on GoDaddy which has been redirected for the last few days, to be precise, 5 days.
After mailing them quite a few times, this is what they had to say:
The 302 redirects are filters setup to maintain the integrity of the hosting server while we investigate and resolve an issue(s)
The post is not for boo-haa of GoDaddy; all I want to know is the technical aspect of the above term.
Why these filters are set, how they are set and what purpose they fulfill.
Any sort of detailing on the issue will be helpful. Being a developer, it will only help when I plan to roll out hosting on my own.
The filter was set by GoDaddy to restrict access to your account until they can complete an investigation. The why would depend, but if your website had illegal content on it, whether you put it there, a user of yours, or your account was hacked and someone else did, would be some possible whys. By illegal I mean anything in violation of their policies or the law. The purpose is to protect their network and/or you in the event that someone else is responsible for whatever they are investigating. I would call them.
I am in the process of pulling my website from GoDaddy because of the same reason. They will randomly run a 302 redirect filter to protect their server. I found about 1/3 of my potential customers were being redirected to a non-working version of my website. I spoke with a support staff member at GoDaddy and they had no reason, but it is designed to protect their system. This is what you should look for. I use a company called Stat Counter and it shows your visitors' paths. My web address is www.actions4photographers.com. What GoDaddy does is take my web address and add 4 or 5 letters to the end of it, redirecting my customers to a non-working version of my site.
I have had customers tell me my site was not functioning and I spent a small fortune trying to find out why. Now I know. Trying to get GoDaddy to admit that they were running the 302 redirect filters was like pulling hen's teeth. I have been spending... like most of you, a lot of time and money working on getting traffic, to find out they are just turning away 1/3 of my traffic. How is this fair?
