X-Cart:Security Profiles

From X-Cart 4 Classic
Revision as of 14:55, 28 January 2013 by Dohtur (talk | contribs)
Jump to: navigation, search

Under construction

In X-Cart versions 4.5.5 and later, during X-Cart installation you can choose a security profile for your store. The two available options are Evaluation/Playground and Live store. The store administrator selects the required security profile at the step Preparing to install X-Cart database of X-Cart's web installation: Security profile.png

The Live store security profile provides some security restrictions: - protected mode ON 

const PROTECT_DB_AND_PATCHES = 'ip';
const PROTECT_ESD_AND_TEMPLATES = 'ip';

- session id of admin user is locked to the IP subnetwork including the IP address from which the admin session originated 

const PROTECT_XID_BY_IP = 'mask';

const PROTECT_DB_AND_PATCHES - admin/db_backup.php CHANGE_SECURITY_OPTIONS PATCH_FILES, PATCH_SQL UPGRADE

const PROTECT_ESD_AND_TEMPLATES - Edit templates,FILE_OPERATIONS (Egoods)

live 

const PROTECT_DB_AND_PATCHES = 'ip';
const PROTECT_ESD_AND_TEMPLATES = 'ip';
const PROTECT_XID_BY_IP = 'mask';

test 

const PROTECT_DB_AND_PATCHES = FALSE;
const PROTECT_ESD_AND_TEMPLATES = FALSE;
const PROTECT_XID_BY_IP = FALSE;


If you need to change the previously chosen security profile, re-run X-Cart's Installation Wizard with the option Update config only enabled, or simply edit your store's file config.php to readjust the values of the constants PROTECT_DB_AND_PATCHES, PROTECT_ESD_AND_TEMPLATES and PROTECT_XID_BY_IP manually.

Retrieved from "https://help.x-cart.com/index.php?title=X-Cart:Security_Profiles&oldid=10086"