SSL and form verification scripts

Report · Jan 17, 2007

We're building an ecommerce site with SSL protected checkout and account administration. We've just installed the SSl certificate and set-up the 2 sections as secure. However, in MS Explorer we get the "This page contains both secure and non-secure items" error message.

We've isolated this down the the includes for the 2 ColdFusion scripts used in form verification "/cfide/cfform.js" and "/cfide/masks.js" short of writing or adapting form verification scripts is there anyway I can force the pathnames to be "https://xxx.xxx.xxx/cfide/cfform.js"

I cannot edit the setting in the CF admin pages as the server runs multiple sites. I don't want the URl for the eCommerce site being seen in some of the other sites.

R

Report · Jan 17, 2007

Problem solved - it was the Google Analytics script. Changed it to secure version and works fine. All is now well with the world.

Report · Jan 17, 2007

I don't know if it will be a consideration for you, but CF only supports SSLv2 which is considered weak and vulnerable.

The desired protocols are the (SSL 3.0) protocol and Transport Layer Security (TLS 1.0) protocol.

SSLv2 is a server only authentication and the others are client & server.

You might want to check out this article on IE7 and SSLv2.

http://blogs.msdn.com/ie/archive/2005/10/22/483795.aspx

I started another thread asking when Adobe would upgrade CF to work with SSLv3 and if anyone knows of a 3rd party solution available now.

It seems hard to imagine but Adobe is already a few years behind the curve on this. They did not include support for the new technologies in the latest version and the old SSLv2 is being deprecated leaving nowhere to turn for secure communications.

Adobe Community

SSL and form verification scripts

1 Correct answer