
Securing OScommerce


jimjamuk


Posted

Hi Guys,

 

Just a few weeks away from "going live" with our site but have noticed a couple of threads about hacks and vulnerabilities. What's the community's view of essential things to lock down before going live for a bog standard install of 2.2RC2?

Cheers

jimjamuk

Posted

I am in the same boat, James.

Yes, it would be great if someone knowledgeable could write up a summary of essential items to check for. The threads on this are disjointed and contradictory.

You need:

- Operational SSL, obviously.
- And a PCI-compliant server, for what that's worth.

But what about such things as permissions on sensitive files? Which files should be protected, and with what settings? A summary of this type of info would be pure gold.

Many thanks in advance to the community!

~Wendy

Posted

http://www.oscommerce.info/kb/osCommerce/D...plementations/4

and

http://www.oscommerce.info/kb/osCommerce/G..._and_Tricks/249

The subject of security is beyond the scope of osC alone. Much of a website's security is dependent upon ancillary applications such as the configuration of the webserver and operating system.

About all the average user can do is certainly apply an SSL certificate to encrypt payment communications, ensure that unnecessary files and directories are not world writable and deny direct access to directories. Most of this is covered in the osC knowledge base at the 'Installation and Configuration' link in my signature below.

For ALL problems, please review this link first -> osCommerce Knowledge Base
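An added example, not part of the original posts and not osCommerce's own tooling: a shell audit for the two checks named in the reply above (world-writable files and directories, and directories open to direct access). The function names, the sample tree and the file name `sample.php` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The sample tree is constructed; sample.php is a hypothetical name.

# List files and directories under $1 that are world-writable (o+w).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# List directories under $1 with neither an index file nor an .htaccess.
# Heuristic only: these are candidates for a directory listing if the web
# server auto-indexes, and an .htaccess that exists may still not deny access.
unprotected_dirs() {
    find "$1" -type d | sort | while IFS= read -r d; do
        if [ ! -e "$d/.htaccess" ] && [ ! -e "$d/index.php" ] \
           && [ ! -e "$d/index.html" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Clear the world-write bit on everything world_writable reports.
tighten() {
    world_writable "$1" | while IFS= read -r p; do
        chmod o-w "$p"
    done
}

# Build a small constructed tree to try the checks on; prints its path.
build_sample() {
    r=$(mktemp -d)
    mkdir "$r/images" "$r/includes"
    : > "$r/index.php"
    : > "$r/includes/.htaccess"
    : > "$r/includes/sample.php"
    chmod 755 "$r" "$r/includes"
    chmod 644 "$r/index.php" "$r/includes/.htaccess"
    chmod 777 "$r/images"                 # world-writable directory
    chmod 666 "$r/includes/sample.php"    # world-writable file
    printf '%s\n' "$r"
}

# Stand-alone use: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    echo "World-writable:";         world_writable "$1"
    echo "No index or .htaccess:";  unprotected_dirs "$1"
fi
```

Review the `world_writable` list before running `tighten`: a directory the shop must write to should be writable by the web server's own user or group, not by everyone.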

Archived

This topic is now archived and is closed to further replies.
