Ok first off, what I am doing. I am putting togethera site for the company I work for. This is out first e commerce site, we have always been a face to face company. Time to expand.

What I am doing with the site.

1. I am using the IPBoard forums module hack for my forums for a place for visitors to get ideas on how to deal with hardware problems or lawn care, etc, or just general chat.

2. I am using OS Commerce hack for my shopping cart to sell some of our products online.

3. Have installed a gallery hack for the storing of images.

4. I am installing a support help desk for buyers to send inquires about products they would like to purchase, problems with purchases, talk to accounts payable, etc.

This is a buisness site. Not a play around site. It must appear professional and must be secure. So on to my questions.

1. SSL. What is the procedure I must do to make the log ins run through a SSL? What exactly does the SSL do?

2. Is there any other security measures via hacks I should do to secure the site even further?

3. How can I make the help desk, forums, and commerce modules all access the same log on and registry? I realize with permisions they can al be accessed but that is not what I am concerned with. Mainly there is a disclaimer in the XOOPS registry. I want anyone that purchases on the site to have to click they have read the disclaimer that will state al of our terms of conditions when they sign up, thus prior to purchasing. I can make it so they can only access the commerce with group permissions, thus making that possible, but I sont want people having to register both for xoops, and OS Commerce.

Those are my main questions ATM. Thank you in advance for what help you might provide. I am not an expert in PHP by any means, but I can find my way around. Just let me know what to look for and where it might be and I can take it from there.

Quote:

SSL encrypts all communications between your webserver and the client machine. That way if you have a logon box, the raw HTML POST data is encrypted an cannot be sniffed by any listeners on the network.

Quote:

Generally, XOOPS is very secure (or as secure as can be). The are currently no know vunrabilitie provided your are running the latest stable 2.1.13.1 version. For added measure I'd thrown in the Protector module as well (but some might disagree here).

Quote:

This is going to be your toughest challenge in my opinion. There have been several attempts to make OsCommerce a XOOPS module, which have succeeded in some degrees. None of these versions unified the logon/registration process. Personally, I blame OsCommerce's source code for this (it has issues). I've looked into this myself. It is doable but it ain't pretty.

As for unifying your forum logon Kodanshi might have done a logon hack so it might be worthwhile checking out his website.

Good luck.

Quote:

Is there a way to make OS Commerce log ons go through SSL then? And how do you create a SSL?

Quote:

Well a work around that sounds fine to me is to not require people to register at the XOOPS site and forums at all, only for the OS Commerce module. But its too simple to register for that, is there a way to add a TOS that they have to sign while registering for OS Commerce?

Also, I am not resigned to needing to use OS Commerce. I selected it out of the list here at XOOPS due to it seemed to be the most powerful one provided, but if you any know of another commerce module for XOOPS anywhere else thats just as powerful as OS Commerce but can be tied in with the XOOPS registry I will look that up.

I do know someone is working on a ZenCart XOOPS module here.

I could be wrong on this one but I do believe the author might have mentioned that he was attempting to unify the logins.

As for SSL. You need a webserver that supports SSL. You will also need to purchase a certificate off an authorising body. It is best to approach your webhost regarding this. Maybe someone else can eloborate on how to exactly setup an SSL server or space (as my understanding of it is sketchy as best).

Cheers.

Naz.

Thank you for the replys. Downloading the Zen hack ATM. Ill check that out. I saw in my controll panel from my host, a SSL Set up. So ill give them a ring and see what needs to be done for that. Thanks again :)