- This topic has 6 replies, 3 voices, and was last updated 14 years ago by
.
-
Posts
-
Hello –
I’m setting up my ecommerce site and I’m going to be using paypal. I’ll be selling a handful of physical items so no digital stuff.
My question is, how important is it to have SSL? I was under the impression that the whole point of using paypal is that you don’t need a HTTPS site, but when I was customizing my paypal order page and wanting to upload a logo, etc., it made a point of saying that the logo image should be hosted on a secure server.
Anyway, this just got me wondering — do I really need a SSL/HTTPS for my site or not?
-JA
You don’t “really” need it, BUT it is “good for business” to have it. The PayPal recommendation is to protect against impersonation by sites other than yours. Customers are then “assured” that they are dealing with your site.
If you are not a large company dealing with large amounts of money, it is more of an image than a security item. But you should have SSL if you can afford it.
Okay — SSL/Security stuff is pretty new to me, but since we’re adding an ecommerce dimension to our site I’ve had to learn this quickly.
If I understand this correctly don’t you only need to have SSL or HTTPS on the ecommerce portion of your site? In other words it doesn’t blanket the entire thing but is just added to that part?
Sorry if I sound like a complete newb on this — I guess I am!
-JA
SSL is implemented through the use of SSL certificates. You pay for the certificate, regardless of whether or not you use it for all parts of the site or not.
When SSL is being used, all communications between the site and the user (or PayPal) are encrypted. In today’s computing environment, the overhead of doing full time encryption is minimal. Gmail is an example of full time SSL.
The only reasons I can see for not using full time SSL are:
1. You are using an el cheapo (free) hosting service that simply doesn’t have the capacity to support full time SSL.
2. You are running a mobile website. Most non smartphones (WAP enabled) have trouble doing SSL.
3. You are in a country that requires you to obtain a government license to use SSL.
You can also save on the cost of an SSL certificate by using what is called a “self signed” certificate. However, it is analogous to the business that makes up and posts its own “trust us” stickers. That, and the fact that most browsers issue warning messages when they detect self signed certificates.
@Jack, “I was under the impression that the whole point of using paypal is that you don’t need a HTTPS site” – That is not really the whole point of using PayPal as PayPal does have other advantages.
You are getting an error when trying to add a logo doesn’t mean your site have to be SSL. Everything presented on PayPal’s site uses SSL. You can’t have a non-trusted URL on an SSL page. So when you are trying to add a logo (URL of an image file) that will be presented on an SSL page, PayPal is telling you that the URL needs to be HTPPS as everything else that will be displayed on that page is also HTTPS. Does that make sense?
I am pretty sure you can upload the image to PayPal’s site rather than specifying an image from your site to get around the issue. If you upload the image file to PayPal’s site then it will get its own HTTPS URL that you can use on an HTTPS page (the PayPal checkout page).
PayPal does not provide secure image hosting. You either have to use SSL or a recommended “secure image hosting provider.”
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/solutions_imagehosting
My personal opinion is that it helps your business more to host the images on your own site than on [https://cheap-image-storage.com]
Besides, the monthly cost of these services is more than the yearly cost of an SSL certificate.
- You must be logged in to reply to this topic.