eCart Security
I've used eCart before, but this is the first time I have used it with PayPal Pro. It seems to be connecting fine to the sandbox. However, I have some security concerns.
1. I notice that some pages contain all the API user, password, signature in them - and these are in the public part of the site (e.g. checkout.php). Is this safe? Surely if someone downloads that page or uses a tool like 'Site Import', they'll have the API access details?
2. As my other eCart sites were just PayPal Std, I had no need for SSL. But I'll need to add SSL for the Pro integration, which is fine. But as an SSL novice (my host will install for me) - do I need to place all the HTTPS-required pages in a separate folder from the non-SSL files? And do I need to put all SSL assets (images, CSS, JavaScript, WebAssist files, etc.) in the same folder as the SSL files? Or will I get a 'This page contains both secure and non secure...' warning if I don't?