osCommerce

The e-commerce.

Customer Information Security


Hello,

I recently completed an OSC store and have been contacted by the owner regarding the security of customer information. It would appear some of his customers have expressed concerns about their names, address and telephone number being in the store database that is created during 'create an account'. I searched some of the forums looking for security issues but couldn't find anything.

Question: Is customer information at risk with OSC? If so, is there something that can be done to secure it?

Thanks for all replies...

Chris


It's at risk on the shop side if you do not have an SSL installed. It is at risk on the admin side if you don't have admin password protected. Enabling SSL on the admin side will also lessen the chance of a problem.

Jack

Thank you for the response, Jack.

An SSL is being looked at already. I was just wondering if that would be enough or if I had to take other measures to secure it as well.

Thanks again for your reply

SSL encrypts data as it is passed between your customer's web browser and your web site. It does NOT protect data once it's stored in your server's database. Security is a multi-layered thing. A password on your admin side will protect it, provided the password is not guessable, not able to be found in a dictionary, and sufficiently complicated to be too much trouble to be bothered trying to crack.

A poorly-written contribution might make your site vulnerable to SQL injection attacks, exposing your site's data to people who like exploiting poorly-written code. They can do this without guessing any passwords, just by crafting an appropriate SQL statement and using it as input to badly-written code.

Incorrect folder and/or file permissions can make your source code vulnerable to modification.

There's plenty of advice on all of these topics in these forums, and I am not a security expert - just someone who wants to make sure you know that SSL is not a silver bullet.

Cheers,

Max
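
The SQL injection risk described in the reply above, as an added example that is not part of the original thread and is not osCommerce's own code: a hypothetical contribution's customer lookup built by string concatenation, beside the same lookup with a bound parameter. The table layout, function names and sample rows are constructed for illustration, and an in-memory SQLite database (via PDO) stands in for the shop's database.

```php
<?php
// Added illustration: constructed schema and rows, not osCommerce's real tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, name TEXT, phone TEXT)');
$db->exec("INSERT INTO customers (email, name, phone) VALUES
    ('alice@example.com', 'Alice Example', '555-0100'),
    ('bob@example.com',   'Bob Example',   '555-0101')");

// Hypothetical contribution code, "before": user input is pasted into the SQL
// text, so quote characters in $email change the structure of the query itself.
function lookup_unsafe(PDO $db, string $email): array
{
    $sql = "SELECT name, phone FROM customers WHERE email = '" . $email . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": the statement text is fixed and the input is bound as a value,
// so it can only ever be compared against the email column.
function lookup_safe(PDO $db, string $email): array
{
    $stmt = $db->prepare('SELECT name, phone FROM customers WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$inputs = [
    'alice@example.com',     // ordinary lookup
    "nobody' OR '1'='1",     // constructed input that contains SQL syntax
];
foreach ($inputs as $input) {
    printf("%-20s unsafe: %d row(s)  safe: %d row(s)\n",
        $input, count(lookup_unsafe($db, $input)), count(lookup_safe($db, $input)));
}
```

Neither SSL nor the admin password is involved in the difference between the two functions: the concatenated query returns every customer row for the second input, while the bound-parameter query returns none.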


Archived

This topic is now archived and is closed to further replies.
