Ecommerce software home
Shopping Cart Software Forum for Ecommerce Templates
 
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

Find us on Facebook Follow us on Twitter View our YouTube channel
Search our site
Forum Search
Google Site Search
Buy now for ...
How it works
General help
 All Forums
 Technical
 ASP (Windows server) versions
 Security Considerations
 Topic Locked
Author « Topic     

Andy
ECT Moderator

95440 Posts

Posted - 05/27/2008 :  09:38:34  
Security Considerations

At Ecommerce Templates we take security very seriously and have put some measures in place to maximize the integrity of your online store.

Please go through the following steps

Make sure your database isn't downloadable
You can test this yourself by typing in the address eg www.yourstoreurl.com/fpdb/vsproducts.mdb. If you receive an option to download the .mdb file then it may mean that people can access your database.
Please check with your host if you have any doubts at all. Most hosts will provide you with a directory below the root of your web with the correct permissions already set.

Change the name of the file vsproducts.mdb
This is quite simple but do back up the database first just in case.
Rename vsproducts.mdb to whateveryoulike.mdb and in db_conn_open.asp change the instance there of vsproducts.mdb to whateveryoulike.mdb
No other changes are necessary

Change the name of the vsadmin folder
This again is quite simple. Download the vsadmin folder, rename it and upload it to ther server again.
In the old vsadmin folder (the one that is still called vsadmin) open includes.asp and add these two lines:
disallowlogin=TRUE
notifyloginattempt=TRUE
When updating remember you will need to upload the updater files to both the new and old folders.
Make sure you change the name of the vsadmin folder outside of your HTML editor so paths are not messed with.

Change the default password / login
This is the second thing you should do after making sure your database is not downloadable. Also be sure to use DIFFERENT username / password combinations for your control panel, FTP, bank etc etc.

Back-ups
Do make sure that your host has a system in place for backing up your site. You can also make regular back-ups yourself but if there is any problem with your local copy, it's important to be sure the host has a good recent copy.

Check again
Check the above points at regular intervals in case permissions get changed or files get overwritten. Passwords and logins should also be regularly changed.

Read our files on fraud and checks
https://www.ecommercetemplates.com/help/fraud.asp
https://www.ecommercetemplates.com/help/checklist.asp

Andy
ECT Moderator

95440 Posts
Posted - 06/03/2017 :  03:14:41  
In Version 6.7 we added a new layer of security using a loginkey in the URL. Details of the set up are available in our parameters page

https://www.ecommercetemplates.com/help/ecommplus/parameters.asp#loginkey

You probably wouldn't now need to use the second renamed vsadmin method above if you choose to use this new recommended approach.

Please feel free to review / rate our software
  « Topic     
 Topic Locked
Jump To:
Shopping Cart Software Forum for Ecommerce Templates © 2002-2022 ecommercetemplates.com
This page was generated in 0.02 seconds. Snitz Forums 2000