The secure/insecure nuisance: Ok, I see that you have the codebase param in your flash logo's markup referencing the http page rather than the https page. This is supposed to cause the warning you're seeing. ----------------------------- <OBJECT id=logo codeBase=http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab #version=6,0,0,0 height=85 width=250 align=middle classid=clsid:d27cdb6e-ae6d-11cf-96b8-444553540000><PARAM NAME="allowScriptAccess" VALUE="sameDomain"><PARAM NAME="allowFullScreen" VALUE="false"><PARAM NAME="wmode" VALUE="transparent"><PARAM NAME="movie" VALUE="/flash/logo.swf"><PARAM NAME="quality" VALUE="high"><PARAM NAME="bgcolor" VALUE="#344c73"> <embed src="/flash/logo.swf" quality="high" bgcolor="#344c73" width="250" height="85" name="logo" align="middle" allowScriptAccess="sameDomain" wmode="transparent" allowFullScreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"; style="float: left; margin-top: 10px;" /> </OBJECT> ----------------------------- Try changing http to https in the 'codebase' line when your're in https (this probably means rewriting a helper -- just a guess).
See (MM talking about the problem in a non-cake context): http://www.macromedia.com/cfusion/knowledgebase/index.cfm?event=view&id=KC.t n_16588&extid=tn_16588&dialogID=19204476 Matt -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of bonkycat Sent: Saturday, July 11, 2009 7:49 PM To: CakePHP Subject: Abandoned by developer using CakePHP, need help with web security emergency I have read and searched for help, but my limited (lack) of understanding is a serious handicap. I can't seem to see what version of CakePHP he used to build my site, my apologies in advance. The developer left my site half built, but functional, and I do need someone to complete the work, but have two urgent issues that I am begging for help with. My ssl cert: I have purchased and activated this but it is not protecting my checkout. I managed to get a friend to provide temporary assistance, but it is only covering checkout if a customer does NOT log in. I would really appreciate assistance and direction in getting my site completely protected without having a customer click a pop-up box to display secure and not secure items at every click. My Testimonials: I am dealing with 900 spam entries daily that I have to remove from my database in batches. The same friend helped by stopping the page being shown live where a testimonial could be submitted, but the spammers are clearly using a link to the page not showing live on the web. I either need to have total control of the testimonials before they appear live, or force a log in to be able to leave a testimonial. I am happy with whatever provides the fastest, easiest solution. I will even consider removing the testimonials submission page altogether. (If I had been able to find this page it would be long gone) My site is hosted with godaddy and I have access to all of my files. My website is: www.gemni-gems.com. Thank you in advance, Lisa --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
