Method Community

I want to input payment and credit card info using Method.  I can I ensure it is safe to add the personal data while logged onto Method.  I see that I can save a screen with "https" but after testing, I can't see any visible evidence that the screen is secure.  Any suggestions would be appreciated.

James Stapleton

Hello James,

Thanks for using our forum, this is a very good concern since security is so important.  The way Method works is that there is a main Default.aspx page, and then all the screens are “frames” inside the Default page.  You can tell a page is secure by hovering your mouse over the tab link.  If this screen was by itself, and not a frame inside Default.aspx, you would see the little secure lock symbol.  This shows that it is an https page instead of an http page.  But rest assured, it is still there, just not visible. 

An example for those users who are not sure what tab links are;  the first tab link under Customer Centre is ‘Customer List’.  I hope this clears up any uncertainty you had.

So do I make a screen secure by simply marking the "https" option in the screen setup or is there something more?  Also, using the hover action you spoke of...what browser were you using to get the security to show up?

 Hi James,

Yes, you make a screen secure by going into the Advance Screen Properties and checking the checkbox for "Is a https secure page?".

You can use Internet Explorer or FireFox and you would be able to see whether the page is 'https' by hovering over the tab link.  I have also attached a screen shot as a visual representation.

I can see the "https" showing up, however, how do I verify it indeed is secured. I'd rather see that showing up in the address bar of the browser, and the secured lock icon either on the right side of the address bar (IE) or on the bottom right (Firefox). Is that possible?

 Hi Seny,

In order to help you understand this better, I have to give you a little technical explanation. The way Method works is that there is a main Default.aspx page, and then all the screens are “frames” inside the Default page. You can tell a page is secure by hovering your mouse over the tab link.  This shows that it is an https page instead of an http page.

If this screen was by itself, and not a frame inside Default.aspx, you would see the little secure lock symbol. But rest assured, it is still there, just not visible. Hope this helps.

I did successfully make the screen that I wanted to be secure, however, I have another problem here, which is that:

When you try to link that secured screen from a non-secured screen, it becomes unsecure. Furthermore, all the links from the secured screen will not navigate to the desired tab-link. For instance, if I made the customer list screen secure, within that screen there is a Transactions Tab, and in that tab, there is a grid where you will have some transactions including invoices. But if you click Go to... link and tries to go to the invoice screen, it will not work. However, if I make the customer list screen unsecure, it turns out ok.

Can somebody let me know what is going on there?

 Hello Seny,

How are you linking to the secured screen from a non-secured screen? Are you using the 'Go To Tab Link' or 'Show screen in pop up' actions? If you are, then you cannot hover over the tab link to see 'https'. In this case, the only way to verify that the screen is 'https'; is to go into the Advanced screen properties edit window and ensure that 'Is https secure page?' is checked. We'll be looking into how we can better indicate when a screen is secured using 'https', since it's being more and more requested.

I'm looking into the second part of your post. Where you click on the 'Go to...' link under the Transactions tab section on the Customer List (secure page). When I attempted it I got a pop up message. As soon as I get some feedback on this I'll update you.

 Any updates on this issue? Right now our real data is on the method server, we want to make sure it is encryped when transmitted. If this can not be done, we need to look something else, despite how much I like Method.

 Hi Seny,

I'm still waiting on an update on this. As soon as I get any updates I'll let you know.

 Can you give me a timeframe when this is going to happen, because we are really running out of time, we can't wait and do nothing, as we need a system to keep our business running. I know eventually you will get this resolved, but if it has to be three month later down the road, then this is not what we want.

Seny -

If you like, you can take advantage of something that we have hidden in the "labs" right now, that basically turns all pages to be automatically https across the board. 

I'm not sure when this would become public except for those that read this forum post, but probably not until the end of this month or early September.

But to get the feature now, you and your staff can simply login to Method at this location:

https://www.methodintegration.com/method/login.aspx?DefaultSecure=True

The "&DefaultSecure=True" at the end of the URL tells the login form to treat all pages as https.

The downfall of this is that it is slightly slower, since SSL has an extra layer of encryption/decryption, so it is encrypting everything on the site, even parts that are not considered private information like javascript libraries and images.  However, based on your needs, it sounds like this is exactly what you want, so I encourage you to try it out now.

Hope that helps,

Paul

 Perfect. That is exactly what I want.

And you know what, it seems faster than the unsecured one.

Thank you so much.

Yeah, that is funny.  That goes against all logic of SSL........but I see what you mean, it zips along.  Just wait until you see the September releases.....there's a lot in store. :)

Paul

 Can you tell me if this has changed in the current Method CRM as of 6/5/2012?  I'm not seeing a lock when hovering over an unmodified Customers/Invoices tab link.