SSL not forced in Admin

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
13 years ago
I have noticed that when I view orders in my ADMIN section SSL is not forced.  On top of that the CC info is displayed which means that we are passing sensitive customer data and CC info without using SSL

I am in the process of updating my ADMIN section to force SSL on Order and Customer pages, we also delete the CC info from the database after order processing (To be PCL compliant)

Just something the Nopcommerce team may want to fix for the next release
0
13 years ago
1. Admin area uses SSL (if it's enabled)
2. CC info is not stored into database (except manual payment method).

P.S. Presume you're using not 1.5 version
Interested in the dedicated Premium support services provided by core developers? Please visit https://www.nopcommerce.com/nopcommerce-premium-support-services

Regards,
Andrei Mazulnitsyn
nopCommerce team
0
13 years ago
In master page of admin area i.e. main.master

Add following in page_load event of that master page.

if (!Page.IsPostBack)
{
       CommonHelper.EnsureSSL();
}
0
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.