The basic problem is that web servers on Unix machines usually run
as "nobody", but the ViArt Shop scripts run by the web server
need to have access to the ViArt Shop "./images" folder. However,
as the ViArt PHP Shopping Cart files are generally owned by a real user, the only
way a script running as "nobody" can access and update this folder
is if the user grants world read-write permissions to it. As you can
imagine, this opens up security holes which then need to be plugged.
There are several methods of doing this, depending on where you are
running ViArt Shop: on a dedicated server or on a shared server (i.e. one
where other users have access to your directories via telnet or FTP).
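
A check for the permission problem described above, as an added example that is not part of the original ViArt documentation: it lists anything under the shop root that is world-writable apart from the images folder. It assumes the images folder sits directly under the shop root, as the "./images" path suggests; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a shop tree for world-writable paths outside images/.
# Assumption: images/ sits directly under the shop root passed as $1.

# Print every world-writable file or directory under $1, skipping the
# images folder and everything in it. Symlinks are ignored because their
# own mode bits carry no meaning.
list_world_writable() {
    root=${1%/}
    find "$root" -path "$root/images" -prune -o \
        ! -type l -perm -0002 -print
}

# Return 0 when nothing outside images/ is world-writable,
# 1 when something is, 2 when $1 does not look like a shop root.
audit_shop_permissions() {
    root=${1%/}
    if [ ! -d "$root/images" ]; then
        echo "no images folder under $root" >&2
        return 2
    fi
    found=$(list_world_writable "$root")
    if [ -n "$found" ]; then
        echo "World-writable outside images/:"
        echo "$found" | while IFS= read -r p; do
            ls -ld "$p"    # show owner and mode for each finding
        done
        return 1
    fi
    echo "OK: nothing outside images/ is world-writable"
    return 0
}
```

Source the file and run `audit_shop_permissions /path/to/shop`; on a shared server, any path it reports can be modified by every other account on the machine.
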
Another potential security hole is users guessing your username and password and
locating the admin area. Restricting access to your administrative
functions is something that should be done regardless of what type of
server you are on.
By default the login and password to Administration are "admin"/"admin".
You are advised to change these default settings as soon as the installation of the shop is completed. You can also set up different Administrators and assign different permissions to them.
See section 3.3 for more details.
How to activate SSL
If you want to make your site secure, you can activate SSL on both the front end and the back end. To do this, copy all files to the secure folder on your server (if you have enough space); this variant is preferable. Alternatively, you can copy only the scripts and all the files from the /includes folder to the secure folder on your server.
Then go to Administration > System > Global Settings and activate SSL for User and/or Administrator area.
Note: When activating SSL, please keep in mind that your site URL and https URL should be the same, like: http://www.yoursite.com and https://www.yoursite.com. Also, you should have an SSL certificate for this site, which you need to put in a secure folder. Otherwise, your secure connection won't work correctly. More info is available in section 3.1.
As well as securing your installation, you should also prepare for
the worst. If possible, place all of your ViArt PHP Store tables in a separate
database created exclusively for this purpose, and give it a different
username and password than your other databases. If this is done, the
worst that can happen if your security is breached is that you lose your
ViArt Shop (you are making regular backups, aren't you? - see section 2.4.1). Otherwise you
might lose valuable business data (such as Sales Orders) or even
your entire site.
There is one more security-related issue: credit card security (see section 4.2.1.2).