| Author |
 Topic  |
|
|
IfOnly
VP-CART New User
United Kingdom
90 Posts |
 Posted - January 31 2004 : 00:04:49
|
I am considering using VP-ASP but cannot get an understanable answer to my confusion over shared SLL, payment gateways(Protx)and whether VP-ASP works with then. Sorry for my naivety can anyone please explain in plain English. My questions are below:
Under the link: www.vpasp.com/virtprog/info/faq_sharedssl.htm the following is stated:
"VP-ASP and Shared SSL
With a Shared SSL certificate you cannot:
Use some of our supplied gateways
Use the VP-ASP Admin system in SSL Mode
Use any other VP-ASP files in SSL Mode
Because of this domain name change, all application variables are lost. All session variables are lost and in many cases the ability to read and write the database is lost. This is the reason we only support one facility under shared SSL and why you cannot use the VP-ASP Admin system in SSL Mode."
Could someone please explain in practical terms what:
1. Not being able to use VP-ASP Admin system in SSL mode means please. I have played with the online demo; are you saying that none of the order downloading will work on a shared SSL?
2. ‘Losing session variables and read write capability’; means what please, after the buyer has sent off his credit card details by the say forms method. Does the rest of the returning him back to the last page he was on not work? Does the sending of emails to buyer and shop owner not work? – what do we lose the ability to do?
3. If the merchant wants to pay for Protx and my hosts have confirmed that they have the software on the server I use, do we not need to use any SSL on our site as Protex deal with it all. Does this work easier with VP-ASP.
Thanks to anyone who spares the time to get me over this initial hurdle.
|
|
|
GTM
VP-CART New User
USA
122 Posts |
Posted - February 01 2004 : 02:17:47
|
If you use shared ssl there is no guarantee. The reason is that IHPs (Internet Host Providers) mostly use another domain name to serve your documents securely using a common SSL certificate. The ISP shares its SSL with you by placing your secure pages on its SSL protected server. Often the URL to call your documents looks something like the following example
https://machinename.securedomain.ext/yourdomain/document.html
or
https://yourdomain.securedomain.ext/document.html
Disadvantages:
1) You aren't listed as the SSL certificate owner. This can potentially shake consumer confidence and loose sales.
2) Cannot be transferred if you move to a different host.
3) Incompatibility with many shopping carts. Since shared SSL requires a transfer to or through a separate server, many session-based carts will not work.
Not the least of which is session or cookie problems where other stores using the same e-commerce application(s) with the same provider use the same sharedssl. Your other choice is to purchase your own individual SSL certificate which there are ones out there that are priced fairly low.
Greg
|
 |
|
|
IfOnly
VP-CART New User
United Kingdom
90 Posts |
Posted - February 01 2004 : 12:10:34
|
Thanks very much for that info Greg.
If we go for for a Certificate, does the program store the credit card details in the database still, which is on an OSDN held one or does it hold it in the certificated secure area?
Does this work easier in practice with the set up for off line processing is my concern I suppose.
|
|
|
|
siraj
VP-CART New User
USA
194 Posts |
Posted - February 01 2004 : 14:02:31
|
Hi there,
SSL certificate is different from gateway. I think you are confused with gateway. Even if you use Shared SSL or SSL on your own or no certificate at all, the credit card infomation will be stored in the database and same table. As you are you want to process the credit card offline, thats what you wanna go for. Use SSL and set the encription key. Even if your databaseis hacked, hacker cant see the credit card info. Only thro admin page can decript those fields.
If you gateway, you dont have to worry about anything and the info will not be stored in your database at all.
I think what you need to do for offline:
1. Use own SSL ( now you can get for around $60.00)
2. set the encription
3. Once you process the credit card delete those
4. Use good practice for your admin pages, double passwords and hide the page from hackers and things like that.
If you need any help, mail me.
SJ.
[email protected] |
|
|
|
IfOnly
VP-CART New User
United Kingdom
90 Posts |
Posted - February 02 2004 : 07:07:06
|
Thank you very much siraj.
That has made it a lot clearer.
I am buying the package today and will get my client his own SSL
Regards
Phil
|
|
|
| |
Topic |
|
All Forums
Pre sales answer confuses me
New Topic
Printer Friendly
TrustGuard - PCI Security Scanner
