2 Replies Latest reply on Jan 17, 2007 9:29 AM by spartacustriumvirate

    SSL and form verification scripts

    robnollie
      We're building an ecommerce site with SSL protected checkout and account administration. We've just installed the SSl certificate and set-up the 2 sections as secure. However, in MS Explorer we get the "This page contains both secure and non-secure items" error message.

      We've isolated this down the the includes for the 2 ColdFusion scripts used in form verification "/cfide/cfform.js" and "/cfide/masks.js" short of writing or adapting form verification scripts is there anyway I can force the pathnames to be "https://xxx.xxx.xxx/cfide/cfform.js"

      I cannot edit the setting in the CF admin pages as the server runs multiple sites. I don't want the URl for the eCommerce site being seen in some of the other sites.

      R
        • 1. Re: SSL and form verification scripts
          robnollie Level 1
          Problem solved - it was the Google Analytics script. Changed it to secure version and works fine. All is now well with the world.

          • 2. Re: SSL and form verification scripts
            spartacustriumvirate
            I don't know if it will be a consideration for you, but CF only supports SSLv2 which is considered weak and vulnerable.

            The desired protocols are the (SSL 3.0) protocol and Transport Layer Security (TLS 1.0) protocol.

            SSLv2 is a server only authentication and the others are client & server.

            You might want to check out this article on IE7 and SSLv2.

            http://blogs.msdn.com/ie/archive/2005/10/22/483795.aspx

            I started another thread asking when Adobe would upgrade CF to work with SSLv3 and if anyone knows of a 3rd party solution available now.

            It seems hard to imagine but Adobe is already a few years behind the curve on this. They did not include support for the new technologies in the latest version and the old SSLv2 is being deprecated leaving nowhere to turn for secure communications.