slscart and a Secure Connection

What is a secure connection?

To provide a secure connection between the browser and the server (where your e-store resides), a security process known as SSL is used. When SSL is used, all data passing between the browser and the server is encrypted. This prevents someone from seeing the data being sent back and forth (think of an unsecured coffee shop connection). If an unsecured connection is used, anyone monitoring your data can see everything, including passwords, email addresses, logins, and other sensitive information. This also includes any customer orders, contact us information, ...

URL with green security lock

Why a web site should be secured

The store administration can be enabled to use a secure connection. This prevents the login and password from being intercepted and read by a hacker monitoring Internet traffic.

An SSL cert is issued for a domain. It protects data sent between a browser and the server.
Any login or form data is encrypted, so someone sniffing your transactions cannot decipher it. If you don't use SSL, anyone monitoring your connection can see the data because it is not encrypted. This is why Google now ranks HTTPS sites better than unsecured HTTP sites.
Mals, Dropbox, and PayPal all have their own SSL certs. Mals interacts with PayPal using HTTPS, so you don't have to worry.
All transactions up to the point where a customer connects to Mals or Dropbox come from your site.

What can someone do over an unsecured connection?
They can see all data going to and from wherever you are connected. In our case, they can see the storeadmin login, changes, email addresses, and ordering information. This data can also be changed in transit (called a man-in-the-middle attack), for example by making a price lower than it should be.

How can I tell if there is a secure connection?

You can tell that a site has an SSL certificate because its URL begins with https and is generally shown in green.
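Added example (not part of the original page and not slscart code): the lock only covers the page itself, so a store owner may also want to check that forms and embedded resources on a store page do not fall back to plain HTTP. The host names, paths, and function names below are hypothetical, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute whose URL the browser will submit to or fetch from.
URL_ATTRS = {"form": "action", "script": "src", "img": "src", "iframe": "src"}

class InsecureRefFinder(HTMLParser):
    """Collects [tag, absolute_url, has_password_field] for http:// targets."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []
        self._form = None  # finding for the insecure <form> currently open

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input":
            if self._form and (attrs.get("type") or "").lower() == "password":
                self._form[2] = True
            return
        attr = URL_ATTRS.get(tag)
        if attr is None or (tag != "form" and not attrs.get(attr)):
            return
        if tag == "form":
            self._form = None  # a new form starts; forget any unclosed one
        # A form with no action submits to the page's own URL.
        target = urljoin(self.page_url, attrs.get(attr) or "")
        if urlparse(target).scheme == "http":
            finding = [tag, target, False]
            self.findings.append(finding)
            if tag == "form":
                self._form = finding

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def audit_page(page_url, html):
    """Return every form target or resource on the page that uses plain HTTP."""
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    return [tuple(f) for f in finder.findings]

# Constructed sample page; host names and paths are placeholders.
SAMPLE_PAGE = """<html><head>
<script src="http://cdn.example.test/cart.js"></script></head><body>
<img src="/images/logo.png">
<form action="http://store.example.test/storeadmin/login.php" method="post">
  <input type="text" name="user"><input type="password" name="pass"></form>
<form action="/contact.php" method="post"><input type="text" name="email"></form>
</body></html>"""

if __name__ == "__main__":
    for tag, url, has_pw in audit_page("https://store.example.test/index.php", SAMPLE_PAGE):
        print(f"insecure <{tag}> -> {url}" + (" (password field)" if has_pw else ""))
```

Relative links inherit the scheme of the page they are on, so the same sample served over http:// reports every form and resource, while served over https:// only the two hard-coded http:// targets remain.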

What do I need to make my slscart store secure?

An SSL certificate needs to be ordered and installed for your domain.

Some hosting packages require a dedicated IP address to install an SSL certificate. Installation will be done by your host. Note that if this is the first time your store is getting a dedicated IP address, it may take several hours before the rest of the world recognizes the new IP address.

Mals, which is an interface to the store's payment processor (such as Authorize.net or PayPal), uses a secure connection. Mals also uses a secure connection between itself and the payment processors.

DropBox also uses a secure connection.

If your store always uses a secure connection, customers will have a good sense of security with your website.

slscart requires turning on SSL security in the config file. It has storewide (the store and admin) capability.

Footnotes

SSL, around since 1995, is not used anymore because it is not secure.
TLS is now used, which supersedes SSL and provides a better degree of protection. At this time, TLS 1.2 is the best security suite.
The more proper name is TLS certificate, but old habits die hard.

Generally, the SSL cert company has a logo you can display for customers to show you use SSL.

Your website, which resides on a server, and your browser, which resides on your smartphone or computer, need to communicate securely. The internet provides the path from your browser to the server. The way the browser and server communicate is called HTTP (Hypertext Transfer Protocol).

HTTPS (Hypertext Transfer Protocol Secure) is a communications protocol used on the Internet that has a layer of security added. It is a combination of the standard HTTP protocol, and a security protocol called SSL/TLS.

HTTPS is important because standard HTTP sends data over the Internet in plain text, making it easy to intercept. The added security layer in HTTPS encrypts information traveling over the Internet to prevent wiretapping, stolen credit card numbers, and other interceptions.

Google announced in August 2014 that it ranks websites that use HTTPS higher.

References

https as a ranking signal - SEO and security

More can be found on the Google security blog.