Difference between revisions of "X-Cart:Security Profiles"
m |
m |
||
| Line 2: | Line 2: | ||
In X-Cart versions 4.5.5 and later, during X-Cart installation you can choose a security profile for your store. The two available options are '''Evaluation/Playground''' and '''Live store'''. | In X-Cart versions 4.5.5 and later, during X-Cart installation you can choose a security profile for your store. The two available options are '''Evaluation/Playground''' and '''Live store'''. | ||
| − | The store administrator selects the required security profile at the step [[X-Cart:Installing_X-Cart_Using_the_Installation_Wizard#Preparing to install X-Cart database | Preparing to install X-Cart database]] of X-Cart's web installation: | + | The store administrator selects the required security profile at the step [[X-Cart:Installing_X-Cart_Using_the_Installation_Wizard#Preparing to install X-Cart database | Preparing to install X-Cart database]] of X-Cart's web installation: |
[[File:Security_profile.png|border]] | [[File:Security_profile.png|border]] | ||
| + | The '''Live store''' security profile provides some security restrictions: | ||
| + | - protected mode ON | ||
| + | const PROTECT_DB_AND_PATCHES = 'ip'; | ||
| + | const PROTECT_ESD_AND_TEMPLATES = 'ip'; | ||
| + | - session id of admin user is locked to the IP subnetwork including the IP address from which the admin session originated | ||
| + | const PROTECT_XID_BY_IP = 'mask'; | ||
| − | + | const PROTECT_DB_AND_PATCHES - admin/db_backup.php | |
| + | CHANGE_SECURITY_OPTIONS | ||
| + | PATCH_FILES, PATCH_SQL | ||
| + | UPGRADE | ||
| + | |||
| + | const PROTECT_ESD_AND_TEMPLATES - Edit templates,FILE_OPERATIONS (Egoods) | ||
| + | |||
| + | live | ||
| + | |||
| + | const PROTECT_DB_AND_PATCHES = 'ip'; | ||
| + | const PROTECT_ESD_AND_TEMPLATES = 'ip'; | ||
| + | const PROTECT_XID_BY_IP = 'mask'; | ||
| + | |||
| + | test | ||
| + | |||
| + | const PROTECT_DB_AND_PATCHES = FALSE; | ||
| + | const PROTECT_ESD_AND_TEMPLATES = FALSE; | ||
| + | const PROTECT_XID_BY_IP = FALSE; | ||
| + | |||
| + | |||
| + | If you need to change the previously chosen security profile, re-run X-Cart's Installation Wizard with the option '''Update config only''' enabled, or simply edit your store's file <u>config.php</u> to readjust the values of the constants '''PROTECT_DB_AND_PATCHES''', '''PROTECT_ESD_AND_TEMPLATES''' and '''PROTECT_XID_BY_IP''' manually. | ||
[[Category:X-Cart user manual]] | [[Category:X-Cart user manual]] | ||
Revision as of 14:55, 28 January 2013
Under construction
In X-Cart versions 4.5.5 and later, during X-Cart installation you can choose a security profile for your store. The two available options are Evaluation/Playground and Live store.
The store administrator selects the required security profile at the step Preparing to install X-Cart database of X-Cart's web installation:
The Live store security profile provides some security restrictions: - protected mode ON
const PROTECT_DB_AND_PATCHES = 'ip'; const PROTECT_ESD_AND_TEMPLATES = 'ip';
- session id of admin user is locked to the IP subnetwork including the IP address from which the admin session originated
const PROTECT_XID_BY_IP = 'mask';
const PROTECT_DB_AND_PATCHES - admin/db_backup.php CHANGE_SECURITY_OPTIONS PATCH_FILES, PATCH_SQL UPGRADE
const PROTECT_ESD_AND_TEMPLATES - Edit templates,FILE_OPERATIONS (Egoods)
live
const PROTECT_DB_AND_PATCHES = 'ip'; const PROTECT_ESD_AND_TEMPLATES = 'ip'; const PROTECT_XID_BY_IP = 'mask';
test
const PROTECT_DB_AND_PATCHES = FALSE; const PROTECT_ESD_AND_TEMPLATES = FALSE; const PROTECT_XID_BY_IP = FALSE;
If you need to change the previously chosen security profile, re-run X-Cart's Installation Wizard with the option Update config only enabled, or simply edit your store's file config.php to readjust the values of the constants PROTECT_DB_AND_PATCHES, PROTECT_ESD_AND_TEMPLATES and PROTECT_XID_BY_IP manually.
