ProductCart Shopping Cart Software Forums : Registration E-Mail with Non-Secure Link

ProductCart Shopping Cart Software Forums : Registration E-Mail with Non-Secure Link https://forum.productcart.com/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Sun, 12 Apr 2026 09:04:42 +0000 Wed, 13 Jul 2011 19:06:20 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.04 360 https://forum.productcart.com/RSS_post_feed.asp?TID=4608 <![CDATA[ProductCart Shopping Cart Software Forums]]> https://forum.productcart.com/forum_images/pc_logo_50.png https://forum.productcart.com/ <![CDATA[Registration E-Mail with Non-Secure Link : Actually, it's a security...]]> https://forum.productcart.com/registration-email-with-nonsecure-link_topic4608_post17958.html#17958 Author: SBW
Subject: 4608
Posted: 13-July-2011 at 7:06pm

Actually, it's a security issue simply by the fact that data is being submitted in a non-encrypted matter. That's the only issue I'm concerned about. It has nothing to do with someone else coming by and getting into their session.]]> Wed, 13 Jul 2011 19:06:20 +0000 https://forum.productcart.com/registration-email-with-nonsecure-link_topic4608_post17958.html#17958 <![CDATA[Registration E-Mail with Non-Secure Link : The login works on a session variable...]]> https://forum.productcart.com/registration-email-with-nonsecure-link_topic4608_post17954.html#17954 Author: intour
Subject: 4608
Posted: 13-July-2011 at 5:05pm

The login works on a session variable so they stay logged in during that browser session only though it will time out eventually.

For the situation you described to become a securtity issue the person would have to leave his/her computer logged into his/her email and be still logged into the prodcutcart browser session and someone else would have to come along and click the link before it timed out.

Nigel

]]> Wed, 13 Jul 2011 17:05:10 +0000 https://forum.productcart.com/registration-email-with-nonsecure-link_topic4608_post17954.html#17954 <![CDATA[Registration E-Mail with Non-Secure Link : Hi,I noticed that when...]]> https://forum.productcart.com/registration-email-with-nonsecure-link_topic4608_post17943.html#17943 Author: SBW
Subject: 4608
Posted: 09-July-2011 at 10:37am

Hi,

I noticed that when a customer registers, a welcome e-mail is sent out to the person and it has a non-secure link to the page that allows edits to the customer profile:

http://www.mycompany.com/productcart/pc/custPref.asp

Now, if the person is not logged in already, then this link actually takes the person to a secure login page first. After logging in, they can proceed to the profile page which is also secure.

However, if they are already logged in and they click the non-secure e-mail link, then they are taken to the profile page which remains non-secure.

I know this would be a rare event, but if someone does click the link for convenience after they are already logged in, then they would be submitting personal information in a non-secure manner. Is there any way to change this?

I could change the scStoreURL in the storeconstants.asp file, to use https instead of http, but that would affect other things as well. I'm told this could cause mixed content errors.

By the way, I'm sorry to not list the version of ProductCart I'm using. I'm just taking over a site and am not too familiar with it. I can't seem to find anything that tells me where the version number is listed. Any suggestions?

Thanks.

Edited by SBW - 14-July-2011 at 10:34am]]> Sat, 09 Jul 2011 10:37:00 +0000 https://forum.productcart.com/registration-email-with-nonsecure-link_topic4608_post17943.html#17943