(Biz Related) Help me settle a debate in reference to SSL and Using Gateways - GoFuckYourself.com

Juicy D. Links · 04-02-2010, 05:49 AM

My friend is starting to sell some his shit online , He wanted to initially use paypal web payments to start (ie : person is sent to PP secure pages to use his CC or login using his PP account) then sent back upn order to his site for the order confirmation...

I told him to add a SSl Cert on the order process no matter what cause he will need it eventually when it gets a merc account....so when customer enters his name , addy and so on to register on site to create account to order he will be on HTTPS

He think cause the person is being sent to PP and he isnt collecting CC info he doesnt need it....

Now anybody want to shed some light on this cause I am not a expert and told him what I think should be done.

-JDL

sextoyking · 04-02-2010, 07:45 AM

Hi Juicy,

It's allways best practices to have all signup / acct creation process in secure mode (https)

Some sites don't secure signup, etc but I think it's best for the consumer, etc.. If he is going to use a cert for the cart anyways best to use it it for all..... It's cheap btw and is professional to the customer...

munki · 04-02-2010, 07:51 AM

If you are transferring any personal information whatsoever, go SSL. No reason not to with how cheaply they area available to boot. Near 15-20 dollar range at godaddy if memory serves.

Serge Litehead · 04-02-2010, 07:57 AM

when any sensitive/private/personal information is being passed by web site's forms over "public" pipes it always best idea to carry this communication in SSL encrypted envelope.

always got amazed how sponsors would collect SS#'s over HTTP in the past, i'm sure many sponsors still don't use SSL on their webmaster signup forms even today

baddog · 04-02-2010, 08:02 AM

I cancel any request like that that does not go to a secured page.

kacy · 04-02-2010, 09:10 AM

You are all correct, everything submited on the page should be secure, but what Juicy is saying is that friend feels nothing is being submitted on HIS website, which is true. It's like saying that adult pay sites should have an SSL when they are using CCBill. Most do not have their own SSL because nothing is being entered on the non secure page, they are directed over the payment provider's website, which is secure.

So, your friend is technically right, but like you said, if he plans to use his own merchant account at some point, he will need an SSL. At this point there is nothing to secure. The add to cart and order now links will all take the customer to PayPal where they will login securely.

munki · 04-02-2010, 09:41 AM

Quote:

Originally Posted by kacy

You are all correct, everything submited on the page should be secure, but what Juicy is saying is that friend feels nothing is being submitted on HIS website, which is true. It's like saying that adult pay sites should have an SSL when they are using CCBill. Most do not have their own SSL because nothing is being entered on the non secure page, they are directed over the payment provider's website, which is secure.

So, your friend is technically right, but like you said, if he plans to use his own merchant account at some point, he will need an SSL. At this point there is nothing to secure. The add to cart and order now links will all take the customer to PayPal where they will login securely.

Even the express paypal checkout methods still transmit personal information... maybe not cc#s... address alone, hell name transfer alone would cause for warranting ssl. And with how cheap ssl is... it shouldn't even be debate, if you run a website that includes any user forms whatsoever... just get it.

kacy · 04-02-2010, 09:43 AM

Agreed

Quote:

Originally Posted by munki

Even the express paypal checkout methods still transmit personal information... maybe not cc#s... address alone, hell name transfer alone would cause for warranting ssl. And with how cheap ssl is... it shouldn't even be debate, if you run a website that includes any user forms whatsoever... just get it.

04-02-2010, 05:49 AM	#1
Juicy D. Links So Fucking Banned Industry Role: Join Date: Apr 2001 Location: N.Y. -Long Island -- Posts: 122,992	(Biz Related) Help me settle a debate in reference to SSL and Using Gateways My friend is starting to sell some his shit online , He wanted to initially use paypal web payments to start (ie : person is sent to PP secure pages to use his CC or login using his PP account) then sent back upn order to his site for the order confirmation... I told him to add a SSl Cert on the order process no matter what cause he will need it eventually when it gets a merc account....so when customer enters his name , addy and so on to register on site to create account to order he will be on HTTPS He think cause the person is being sent to PP and he isnt collecting CC info he doesnt need it.... Now anybody want to shed some light on this cause I am not a expert and told him what I think should be done. -JDL

04-02-2010, 07:45 AM	#2
sextoyking Confirmed User Industry Role: Join Date: Dec 2001 Location: Portland, OR. Posts: 6,034	Hi Juicy, It's allways best practices to have all signup / acct creation process in secure mode (https) Some sites don't secure signup, etc but I think it's best for the consumer, etc.. If he is going to use a cert for the cart anyways best to use it it for all..... It's cheap btw and is professional to the customer... __________________ ICQ: 52344098 -------------------------------------- 50% Commissions on all Product Sales. http://www.wishing.com/money

04-02-2010, 07:51 AM	#3
munki Do Fun Shit. Industry Role: Join Date: Dec 2004 Location: OC Posts: 13,393	If you are transferring any personal information whatsoever, go SSL. No reason not to with how cheaply they area available to boot. Near 15-20 dollar range at godaddy if memory serves. __________________ “I have the simplest tastes. I am always satisfied with the best.” -Oscar Wilde

04-02-2010, 07:57 AM	#4
Serge Litehead Confirmed User Industry Role: Join Date: Dec 2002 Location: Behind the scenes Posts: 5,190	when any sensitive/private/personal information is being passed by web site's forms over "public" pipes it always best idea to carry this communication in SSL encrypted envelope. always got amazed how sponsors would collect SS#'s over HTTP in the past, i'm sure many sponsors still don't use SSL on their webmaster signup forms even today __________________ SilverCrocodile.com Adult web design since '05

04-02-2010, 09:10 AM	#6
kacy Confirmed User Join Date: Oct 2002 Location: So Cal Posts: 877	You are all correct, everything submited on the page should be secure, but what Juicy is saying is that friend feels nothing is being submitted on HIS website, which is true. It's like saying that adult pay sites should have an SSL when they are using CCBill. Most do not have their own SSL because nothing is being entered on the non secure page, they are directed over the payment provider's website, which is secure. So, your friend is technically right, but like you said, if he plans to use his own merchant account at some point, he will need an SSL. At this point there is nothing to secure. The add to cart and order now links will all take the customer to PayPal where they will login securely. __________________ ~Kacy

04-02-2010, 08:02 AM	#5
baddog So Fucking Banned Industry Role: Join Date: Apr 2001 Location: the beach, SoCal Posts: 107,090	I cancel any request like that that does not go to a secured page.