Guest
Posted May 22, 2008

Hello,

I recently completed an OSC store and have been contacted by the owner regarding the security of customer information. It would appear some of his customers have expressed concerns about their names, address and telephone number being in the store database that is created during 'create an account'.

I searched some of the forums looking for security issues but couldn't find anything.

Question: Is customer information at risk with OSC? If so, is there something that can be done to secure it?

Thanks for all replies...

Chris
Jack_mcs
Posted May 22, 2008

It's at risk on the shop side if you do not have an ssl installed. It is at risk on the admin side if you don't have admin password protected. Enabling ssl on the admin side will also lessen the chance of a problem.

Jack
Guest
Posted May 22, 2008

> It's at risk on the shop side if you do not have an ssl installed. It is at risk on the admin side if you don't have admin password protected. Enabling ssl on the admin side will also lessen the chance of a problem.
>
> Jack

Thank you for the response Jack. An SSL is being looked at already. I was just wondering if that would be enough or if I had to take other measures to secure it as well.

Thanks again for your reply
maxxxie
Posted May 22, 2008

> Thank you for the response Jack. An SSL is being looked at already. I was just wondering if that would be enough or if I had to take other measures to secure it as well.
>
> Thanks again for your reply

SSL encrypts data as it is passed between your customer's web browser and your web site. It does NOT protect data once it's stored in your server's database.

Security is a multi-layered thing. A password on your admin side will protect it, provided the password is not guessable, not able to be found in a dictionary, and sufficiently complicated to be too much trouble to be bothered trying to crack.

A poorly-written contribution might make your site vulnerable to SQL injection attacks, exposing your site's data to people who like exploiting poorly-written code. They can do this without guessing any passwords, just by crafting an appropriate SQL statement and using it as input to badly-written code.

Incorrect folder and/or file permissions can make your source code vulnerable to modification.

There's plenty of advice on all of these topics in these forums, and I am not a security expert - just someone who wants to make sure you know that SSL is not a silver bullet.

Cheers,
Max
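
The SQL injection point in the post above, as an added example that is not part of the original thread and is not osCommerce code: the same customer lookup written by string concatenation and with a bound parameter. It assumes Python with an in-memory SQLite database so it runs stand-alone; the `customers` table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_store_db():
    """Build an in-memory database holding constructed customer rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers ("
        "id INTEGER PRIMARY KEY, name TEXT, email TEXT, telephone TEXT)"
    )
    db.executemany(
        "INSERT INTO customers (name, email, telephone) VALUES (?, ?, ?)",
        [
            ("Alice Example", "alice@example.com", "555-0100"),
            ("Bob Example", "bob@example.com", "555-0101"),
            ("Carol Example", "carol@example.com", "555-0102"),
        ],
    )
    return db


def lookup_vulnerable(db, email):
    # Badly written: the input is pasted into the SQL text, so a quote
    # character in it changes the structure of the statement itself.
    sql = "SELECT name, telephone FROM customers WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, email):
    # Hardened: the input is bound as a value and is only ever compared
    # against the email column; it cannot become SQL syntax.
    sql = "SELECT name, telephone FROM customers WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()


if __name__ == "__main__":
    db = make_store_db()
    # Constructed input containing a quote and an always-true condition.
    crafted = "nobody@example.com' OR '1'='1"
    for label, value in (("normal", "alice@example.com"), ("crafted", crafted)):
        print(label, "concatenated: ", lookup_vulnerable(db, value))
        print(label, "parameterized:", lookup_parameterized(db, value))
```

Both versions run over the same connection, with or without SSL in front of the site; only the bound-parameter version keeps the crafted input from returning every customer row.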
This topic is now archived and is closed to further replies.