I figured out the problem with the url.  All is fine and https does indeed work with graphics now.


If anyone needs a secure link to their graphics/logo for a PayPal custom payment page, you can use the shared security via LunarPages.  You do not need to purchase a service or worry about certificates, etc.

The sample url is:

https://secure.server.lunarpages.com/~userid/yourgraphic.gif

If you have HotLink Protection enabled via CPanel, you need to add https://www.paypal.com to your access list per GMTurner post below.

People can find your server from your whois info. Your username is not useful without your password.

I was able to get a secure image path working with my server and username. So apparently the information provided is not adequate.

If you're not comfortable leaving the info up, you can always remove it after you got help. But you have to understand that people need certain information in order to help you. We're not trying to be nosy.

Another thing to consider is the url will be in the webpage that contains the image. So if you REALLY don't want to reveal your server and username, you would need to purchase your own SSL certificate so you can use your domain name.

well, if you had given us more to go on we might have been able to answer the question better...

Also, changing the post that contained the original question makes it hard for people in the future to understand the replies and see if they apply or not. It is very possible that for other people with a similar problem, hotlink protection might be an issue....

And the fact of the matter is, your servername and username will appear in that link on your page as TranzNDance mentioned so if someone does not want the servername & username to appear anywhere, then a personal SSL would be needed...

If you are displaying the image on a page (whether it is on your site or somewhere else), then the link to the image has to appear in the source code of the page. Since the source code of the page has to be downloaded to the users computer in order for it to be shown in a browser, it can be viewed by the user. For example, if you view the source code of this page, you will see the links to all of the images. So, if you have an image being shown using HTML (eg <img src="https://secure.server.lunarpages.com/~userid/yourgraphic.gif" />), viewing the source code of the page that has that image will show the servername and userid. If you entered that URL for the image somewhere (e.g. when setting up the custom paypal page), then it is probably in the source code of that page. Unfortunately, this is the way the web works...

I understand your concern about privacy, security, etc., but it is important to be aware that there are several other ways this sort of information (servername and username) could be obtained. A tracert to your domain will end with the server that you are on. (e.g. a tracert to lunarforums.com ends at galaxy.lunarpages.com). Any email that is sent out via LP's server will have your account name in the headers along with the servername (normally not displayed, but available by viewing all the headers). So really, although a personal SSL would mean you could link to https://yourdomain.com/image.gif and not show the server/username that way, the info is still available in other ways to anyone who really wants to find it.

I guess the main thing that I'm trying to get across is that you shouldn't get a false sense of security by thinking that if you don't post your servername that no one can figure out what it is. At the same time though, having your servername known is not a huge security risk. Having your username out there is a little more of a risk, but provided you have a strong, secure password, it isn't somethign worth worrying about too much.

Glad you got everything working

none taken

And the main thing is that you were able to get it sorted out