SSL not forced in Admin

10 年 前
I have noticed that when I view orders in my ADMIN section SSL is not forced.  On top of that the CC info is displayed which means that we are passing sensitive customer data and CC info without using SSL

I am in the process of updating my ADMIN section to force SSL on Order and Customer pages, we also delete the CC info from the database after order processing (To be PCL compliant)

Just something the Nopcommerce team may want to fix for the next release
10 年 前
1. Admin area uses SSL (if it's enabled)
2. CC info is not stored into database (except manual payment method).

P.S. Presume you're using not 1.5 version
10 年 前
In master page of admin area i.e. main.master

Add following in page_load event of that master page.

if (!Page.IsPostBack)
{
       CommonHelper.EnsureSSL();
}