jimjamuk
Posted May 20, 2008

Hi Guys,

Just a few weeks away from "going live" with our site but have noticed a couple of threads about hacks and vulnerabilities.

What's the community's view of essential things to lock down before going live for a bog standard install of 2.2RC2???

Cheers
jimjamuk

WoodsWalker
Posted May 20, 2008

I am in the same boat, James. Yes, it would be great if someone knowledgeable could write up a summary of essential items to check for. The threads on this are disjointed and contradictory.

You need:
- Operational SSL, obviously.
- And a PCI-compliant server, for what that's worth.

But what about such things as permissions on sensitive files? Which files should be protected, and with what settings? A summary of this type of info would be pure gold.

Many thanks in advance to the community!

~Wendy

dmnalven
Posted May 20, 2008

http://www.oscommerce.info/kb/osCommerce/D...plementations/4 and http://www.oscommerce.info/kb/osCommerce/G..._and_Tricks/249

The subject of security is beyond the scope of osC alone. Much of a website's security is dependent upon ancillary applications such as the configuration of the webserver and operating system.

About all the average user can do is certainly apply an SSL certificate to encrypt payment communications, ensure that unnecessary files and directories are not world writable and deny direct access to directories. Most of this is covered in the osC knowledge base at the 'Installation and Configuration' link in my signature below.

For ALL problems, please review this link first -> osCommerce Knowledge Base
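
The two file-system items in the last reply (nothing world-writable that need not be, and no directory left open to direct browsing) can be audited from a shell before going live. This is an added example, not part of the thread or of osCommerce; the function names, the constructed sample tree, and the heuristic that a directory with no index file and no .htaccess is open to browsing are assumptions.

```shell
#!/bin/sh
# Added example: audit a web root. Assumes a POSIX shell with find(1).

# List regular files and directories under $1 whose "other" write bit
# (mode 0002) is set. Symlinks are skipped: their own mode is not meaningful.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | LC_ALL=C sort
}

# List directories under $1 holding neither an index file nor a .htaccess,
# i.e. ones a server with automatic directory listings could expose.
# Heuristic only: the presence of .htaccess does not prove it denies access.
unguarded_dirs() {
    find "$1" -type d -print | LC_ALL=C sort | while IFS= read -r d; do
        [ -e "$d/index.php" ] || [ -e "$d/index.html" ] ||
            [ -e "$d/.htaccess" ] || printf '%s\n' "$d"
    done
}

# Clear the world-write bit on everything world_writable reports.
fix_world_writable() {
    world_writable "$1" | while IFS= read -r p; do
        chmod o-w "$p"
    done
}

# Constructed sample tree standing in for a shop's document root.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/images" "$root/includes"
    touch "$root/index.php" "$root/images/logo.gif" \
          "$root/includes/settings.php" "$root/includes/.htaccess"
    chmod 755 "$root" "$root/includes"
    chmod 644 "$root/index.php" "$root/images/logo.gif"
    chmod 777 "$root/images"                 # weak: anyone can add files
    chmod 666 "$root/includes/settings.php"  # weak: anyone can edit it
    echo "World-writable:";            world_writable "$root"
    echo "No index file or .htaccess:"; unguarded_dirs "$root"
    fix_world_writable "$root"
    echo "World-writable after fix:";  world_writable "$root"
    rm -rf "$root"
}
demo
```

Review what `world_writable` reports before running `fix_world_writable`, since some directories may need to stay writable by the web server's own user or group, which `chmod o-w` leaves untouched.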