|
Security |
Post Reply 
|
| Author | |
steverguy 
Groupie 
Joined: 05-April-2006 Location: United States Status: Offline Points: 44 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: SecurityPosted: 20-May-2013 at 2:24pm |
|
So... we get our site scanned every so often for PCI complience. This time around we failed due to "Web Application Transmits Login Credentials Without Encryption" regarding http://www.oursite.com/pc/checkout.asp?cmode=1. (that's not really our domain...
 ).Our product cart settings are set to go secure when someone registers or logsin. To be safe, all of my links for logging in include our full domain path, including the https:// - but, if you go to http://www.blahblah.com/pc/checkout.asp?cmode=1 directly you can login without it switching to SSL. Shouldn't this change to ssl regardless of how I navigate to the page?
|
|
|
"Remember, 72.5% of all statistics are made up."
|
|
 |
|
|
Hamish
Admin Group 
Joined: 12-October-2006 Location: United Kingdom Status: Offline Points: 56 |
Post Options
Thanks(0)
Quote Reply
Posted: 20-May-2013 at 3:12pm |
|
Hi Setverguy, yes, we take security very seriously, please raise a support ticket so we can help identify the issue.
|
|
|
|
|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
Topic Options