Difference between revisions of "LiteCommerce:AdvancedSecurity"

From X-Cart 4 Classic
Jump to: navigation, search
(Installing the Module)
(Installing the Module)
Line 26: Line 26:
 
To successfully install '''Advanced Security''' add-on module your shopping system requires LiteCommerce shopping cart software version 2.x to be installed at your online store.
 
To successfully install '''Advanced Security''' add-on module your shopping system requires LiteCommerce shopping cart software version 2.x to be installed at your online store.
  
{{Note: Since we are using an external utility (GnuPG), the functions "exec" and "popen" should be enabled on your web server. If necessary, ask your hosting provider to remove open_basedir restriction for accessing the GnuPG executable.}}
+
{{Note|Since we are using an external utility (GnuPG), the functions "exec" and "popen" should be enabled on your web server. If necessary, ask your hosting provider to remove open_basedir restriction for accessing the GnuPG executable.}}
  
 
Select the 'Modules' section in the 'Settings' menu of the Administrator Zone. The list of currently installed modules will appear. To install a module ('''Advanced Security''' in our case) click on the ''''Browse…'''' button, select the module's ''''.tar'''' file and click on the ''''Install'''' button to add the module to your store setup.
 
Select the 'Modules' section in the 'Settings' menu of the Administrator Zone. The list of currently installed modules will appear. To install a module ('''Advanced Security''' in our case) click on the ''''Browse…'''' button, select the module's ''''.tar'''' file and click on the ''''Install'''' button to add the module to your store setup.

Revision as of 19:33, 7 February 2010

Introduction

LiteCommerce Advanced Security add-on module is highly recommended for the shop owners who are going to store credit card numbers in the database or include them in email notifications. The module supports strong encryption of credit card numbers and email messages with Gnu Privacy Guard (GnuPG) technology.

GnuPG encrypts information using asymmetric keypairs individually generated by GnuPG users. Each pair consists of a private key and a public key. Information encrypted using the private key can be decrypted by using the public key and vice versa. For more information go to GnuPG home page: http://www.gnupg.org.

Once the add-on is installed, properly configured and encryption is enabled neither unauthorized database access nor intercepted email messages with sensitive data would cause any security problems. To access the encrypted data from the admin menu a private key password is required.

Gnu Privacy Guard is freeware encryption software not included in Advanced Security package. GnuPG v1.2.3 or newer needs to be installed on your system in order for the add-on to work. Please visit GnuPG download page to choose a package for your platform.

Note: Since we are using an external utility (GnuPG), the functions "exec" and "popen" should be enabled on your web server. If necessary, ask your hosting provider to remove open_basedir restriction for accessing the GnuPG executable.

To make working with GnuPG easier, many special applications can be used. One of the most comprehensive is Gpg4win. Gpg4win is an installer package for Windows (95/98/ME/2000/XP/2003) with computer programs and handbooks for email and file encryption. Gpg4win and the software included with Gpg4win are Free Software. The package may consist of several applications, including:

  • GnuPG: The core; this is the actual encryption tool
  • WinPT: A key manager and helper for various encryption matters. The documentation can be found here: http://encoderx.eu/security/winpt.php
  • GPA: Another key manager
  • GPGol: A plugin for Microsoft Outlook 2003 (email encryption)
  • GPGee: A plugin for Microsoft Explorer (file encryption)
  • Sylpheed-Claws: A complete email program including the plugin for GnuPG

GnuPG software for Mac OS X can be found at http://macgpg.sourceforge.net.

Installing the Module

To successfully install Advanced Security add-on module your shopping system requires LiteCommerce shopping cart software version 2.x to be installed at your online store.

Note: Since we are using an external utility (GnuPG), the functions "exec" and "popen" should be enabled on your web server. If necessary, ask your hosting provider to remove open_basedir restriction for accessing the GnuPG executable.

Select the 'Modules' section in the 'Settings' menu of the Administrator Zone. The list of currently installed modules will appear. To install a module (Advanced Security in our case) click on the 'Browse…' button, select the module's '.tar' file and click on the 'Install' button to add the module to your store setup.

LC-ASc-01

'Advanced Security' module will appear in the list of the installed modules; it will be activated automatically.

To deactivate the module, unselect the 'Active' check box against the module title and click on the 'Update' button. To completely uninstall the module, click on the 'Uninstall' button.

LC-ASc-02

Generating keys

Configuring the Module

GnuPG settings

nuPG keyring settings

Testing configuration

Secure order management

Encrypting order details

Decrypting order details

Setting up email client software

Outlook Express

The Bat!

MS Outlook

Customer Zone