0001253: Security warning when logging into admin area

ID	Project	Category	View Status	Date Submitted	Last Update

0001253	OXID eShop (all versions)	2. ----- eShop backend (admin) -----	public	2009-08-27 10:20	2009-09-04 14:09

Reporter	henriks	Assigned To
Priority	high	Severity	minor	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	4.1.5 revision 21618
Fixed in Version	4.1.6 revision 22740

Summary	0001253: Security warning when logging into admin area
Description	All current browsers display a warning alert window because of mixed security contents, after successful login to admin area, if the admin-area is hosted on an ssl-enabled webserver (which it definetly should be!!) This is due to the left-bottom frame which is loaded from a non-ssl host: http://admin.oxid-esales.com/CE/4.1.5/germany/de/banners/navigation.html and same applies to the bottom frame: http://admin.oxid-esales.com/CE/4.1.5/germany/de/banners/home.html It should be easily possible - depending on the usage of ssl or non-ssl in the admin-backend - decide to load content from a ssl or non-ssl host at admin.oxid-esales.com
Tags	No tags attached.

Theme
Browser	All
PHP Version	5.2.6
Database Version	5.0.33

dainius.bigelis 2009-08-27 12:49 reporter ~0001543 Last edited: 2009-08-27 13:43	The ssl certificates will be bought. So the fix is needed in the shop admin, to manage the links for downloading content from admin.oxid-esales.com. Or maybe always download the content from https ?

arvydas_vapsva 2009-09-04 14:09 reporter ~0001653	fixed