I'm getting a "Partial Encryption" warning - I believe due to my database residing outside of my domain, as recommended at install. How do I get around this, or is my only option to move my data folder back inside my domain?
PS: This phpBB may win an award for worst search results ever!
Partial Encryption
10 posts
• Page 1 of 1
Partial Encryption
by stilfx » Fri Apr 13, 2007 6:29 pm
- stilfx
- Posts: 42
- Joined: Wed Dec 13, 2006 7:56 pm
by Jim » Sat Apr 14, 2007 7:57 am
I have never seen a "partial encryption" warning. Is the warning coming from a ShopSite screen or from the server?
The data must reside on the same server as the domain but it shouldn't be under the output directory where your html pages are located. For security reasons you want in in a location that can't be accessed from the web. The data does need to be accessible by the ShopSite cgis so depending on how your server is configured it may have to reside in an area reserved for a particular domain.
The data must reside on the same server as the domain but it shouldn't be under the output directory where your html pages are located. For security reasons you want in in a location that can't be accessed from the web. The data does need to be accessible by the ShopSite cgis so depending on how your server is configured it may have to reside in an area reserved for a particular domain.
- Jim
- Site Admin
- Posts: 4953
- Joined: Fri Aug 04, 2006 1:42 pm
- Location: Utah
by stilfx » Sun Apr 15, 2007 9:19 am
Partial Encrytion message is basicly, the broken or crossed out lock, depending on the browser — with the following message:
Right now I'm set up like this:
../datafolder/
../domain.com/
The SSL cert is only encrypting ../domain.com/. I suppose I can just move the data folder inside the domain and set my structure up like this to avoid the issue:
../domain.com/datafolder/
../domain.com/shop/
I was just a bit unclear from the beginning I suppose.
Right now I'm set up like this:
../datafolder/
../domain.com/
The SSL cert is only encrypting ../domain.com/. I suppose I can just move the data folder inside the domain and set my structure up like this to avoid the issue:
../domain.com/datafolder/
../domain.com/shop/
I was just a bit unclear from the beginning I suppose.
- stilfx
- Posts: 42
- Joined: Wed Dec 13, 2006 7:56 pm
by Jim » Sun Apr 15, 2007 12:06 pm
That messages is coming from the webserver not ShopSite.
What do you have in your "datafolder"? If all you have in it is the store data directory where the databases and config file for the store are contained then you should be fine not having it under the ../domain.com path. However if you are including your html output files and images (media folder) in your datafolder then that would cause a problem. Nothing in the store's data folder (containing the databases and config files ) should be accessible from the web. Obviously your images and html files must be accessible from the web or they won't be visible on line. So that part of your store must reside under the ../domain.com/ folder.
The more likely problem is that you have some items (images, scripts etc) on your secure page that are secure and some that are not. The ones that are not secure would cause an error similar to what you report. Quite often this happens if you use a group of hard coded images or scripts in a header file that you include in your templates. These images would have the normal url http://domain.com/... but when you go to a secure page they need to be referenced as https://domain.com/...
What do you have in your "datafolder"? If all you have in it is the store data directory where the databases and config file for the store are contained then you should be fine not having it under the ../domain.com path. However if you are including your html output files and images (media folder) in your datafolder then that would cause a problem. Nothing in the store's data folder (containing the databases and config files ) should be accessible from the web. Obviously your images and html files must be accessible from the web or they won't be visible on line. So that part of your store must reside under the ../domain.com/ folder.
The more likely problem is that you have some items (images, scripts etc) on your secure page that are secure and some that are not. The ones that are not secure would cause an error similar to what you report. Quite often this happens if you use a group of hard coded images or scripts in a header file that you include in your templates. These images would have the normal url http://domain.com/... but when you go to a secure page they need to be referenced as https://domain.com/...
- Jim
- Site Admin
- Posts: 4953
- Joined: Fri Aug 04, 2006 1:42 pm
- Location: Utah
by stilfx » Mon Apr 16, 2007 6:04 pm
Thanks for thinking this through with me Jim, I really appreciate it. Looking back I suppose it was a bit lazy on my part assuming the data folder was to blame.
Turns out to be Google Analytics Urchin Module triggering the partial encryption error.
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct="UA-#######-#";
urchinTracker();
</script>
...is what I'm getting in my cart pages generated by SS.
This needs to use the encrypted address instead:
https://ssl.google-analytics.com/urchin.js
Shopsite isn't generating the ssl string in the cart?
I know I can manually add the script to the template pages, but that doesn't fix whats going on here in the SS analytics config panel.
Turns out to be Google Analytics Urchin Module triggering the partial encryption error.
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct="UA-#######-#";
urchinTracker();
</script>
...is what I'm getting in my cart pages generated by SS.
This needs to use the encrypted address instead:
https://ssl.google-analytics.com/urchin.js
Shopsite isn't generating the ssl string in the cart?
I know I can manually add the script to the template pages, but that doesn't fix whats going on here in the SS analytics config panel.
Last edited by stilfx on Mon Apr 16, 2007 6:52 pm, edited 1 time in total.
- stilfx
- Posts: 42
- Joined: Wed Dec 13, 2006 7:56 pm
by Jim » Mon Apr 16, 2007 6:46 pm
What version of ShopSite are you using? Is ShopSite generating the analytic code for you or have you put it in your template? I know that a fix for the secure url was added to ShopSite 8.3 to use the https url when on secure shopping cart pages. If possible you should upgrade to that version.
- Jim
- Site Admin
- Posts: 4953
- Joined: Fri Aug 04, 2006 1:42 pm
- Location: Utah
by stilfx » Tue Apr 17, 2007 9:05 am
Upgraded, patched to 8.3. Created a full regen and I still get the same urchin code.
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct="UA-#######-1";
urchinTracker();
</script>
(Note: I blocked out the acct number #)
Sidenote: I also notice that my .htaccess rewrite in no longer works with 8.3. I suppose this has to do with the way 8.3 "secures" the cart pages?
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct="UA-#######-1";
urchinTracker();
</script>
(Note: I blocked out the acct number #)
Sidenote: I also notice that my .htaccess rewrite in no longer works with 8.3. I suppose this has to do with the way 8.3 "secures" the cart pages?
- stilfx
- Posts: 42
- Joined: Wed Dec 13, 2006 7:56 pm
by Jim » Tue Apr 17, 2007 9:33 am
Upgrading a store should have no affect on the .htaccess file. Something else on your server would have had to change that, for example manually resetting the password on the the server instead of changing it within ShopSite.
Note that the secure url will only be used on the secure shopping cart pages not on your regular store pages. Were you looking at a secure shopping cart page or at a regular store page?
Note that the secure url will only be used on the secure shopping cart pages not on your regular store pages. Were you looking at a secure shopping cart page or at a regular store page?
- Jim
- Site Admin
- Posts: 4953
- Joined: Fri Aug 04, 2006 1:42 pm
- Location: Utah
10 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 119 guests