In order to ensure that your VPCart site is as secure as possible, we recommend following these security steps after upgrading in order to double-check that all recommendations have been implemented.
A. Removing “Installation” folder and “Upgrade” folder
Delete the following folders from your VPCart site:
- Installation
- Upgrade
Remote Users: Please ensure that you have deleted all these folders on both your local PC and your remote server.
B. Change the default ADMIN folder name to a unique name
To protect your admin, we strongly recommend changing the ADMIN folder name to something unique and hard to guess.
C. Removing “default.htm” file
Please delete the default file in the root of your VPCart site: default.htm.
This is the default file that shows the upgrade button, and it should be deleted after the upgrade is completed.
D. Removing copy of default database
Please delete the default MS Access file that comes with the installation.
The database name is “shopping900.mdb,” which is located in the “database” folder.
E. Removing “diag_smstest.asp” file
Please delete the “diag_smstest.asp” file located in the “admin” folder.
Remote Users: Please ensure that you have deleted this file on both your local PC and your remote server.
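A read-only audit for steps A to E, as an added PowerShell example (not part of VPCart or of the original page). The function name Get-VPCartLeftover, the demo folder name shopadmin9 and the temp path are assumptions made for illustration; the script searches the whole tree for the two files so they are still reported after the admin folder has been renamed.

```powershell
# Added example, not VPCart code. Read-only: it lists leftovers, deletes nothing.
param([string]$SiteRoot)   # path to the VPCart site root (your own value)

function Get-VPCartLeftover {
    param([Parameter(Mandatory)][string]$Root)

    # Steps A and B: folders that should no longer exist under these names.
    $folders = @{ 'Installation' = 'A'; 'Upgrade' = 'A'; 'admin' = 'B' }
    foreach ($name in $folders.Keys) {
        $path = Join-Path $Root $name
        if (Test-Path -LiteralPath $path -PathType Container) {
            [pscustomobject]@{ Step = $folders[$name]; Path = $path }
        }
    }

    # Step C: default.htm in the site root.
    $path = Join-Path $Root 'default.htm'
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        [pscustomobject]@{ Step = 'C'; Path = $path }
    }

    # Steps D and E: search the whole tree, so both files are still found
    # after the admin folder has been renamed in step B.
    $files = @{ 'shopping900.mdb' = 'D'; 'diag_smstest.asp' = 'E' }
    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $files.ContainsKey($_.Name) } |
        ForEach-Object { [pscustomobject]@{ Step = $files[$_.Name]; Path = $_.FullName } }
}

if (-not $SiteRoot) {
    # No path given: build a small constructed demo tree in the temp folder.
    $SiteRoot = Join-Path ([IO.Path]::GetTempPath()) "vpcart-demo-$PID"
    foreach ($d in 'Upgrade', 'shopadmin9', 'database') {
        New-Item -ItemType Directory -Path (Join-Path $SiteRoot $d) -Force | Out-Null
    }
    foreach ($f in 'shopadmin9\diag_smstest.asp', 'database\shopping900.mdb') {
        New-Item -ItemType File -Path (Join-Path $SiteRoot $f) -Force | Out-Null
    }
}

$found = @(Get-VPCartLeftover -Root $SiteRoot | Sort-Object Step, Path)
if ($found.Count -eq 0) {
    'No leftovers from steps A-E found.'
} else {
    $found | Format-Table -AutoSize
}
```

Run it with -SiteRoot once against the local copy and once on the remote server, since the steps above apply to both.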
F. Credit Card Storage Settings
VPCart recommends that you DO NOT store credit card numbers.
If you take credit card numbers into your system rather than using a Payment Gateway, we recommend that you delete the credit card number as soon as the order has been processed.
This can either be done manually or the shopa_displayorders.asp page will delete credit card numbers automatically when the order is marked as processed.
G. Securing your Database
Note: This step is for Access users ONLY!
If your database is not in a secure location with the correct settings, hackers may be able to download it through the web browser. To secure your database folder, you will need to update your IIS settings and the NTFS properties on your database folder.
To set up IIS permissions on your database folder:
a) Click “Start,” “Control Panel,” then double-click “Administrative Tools.”
b) Double-click “Internet Information Services.”
c) Browse to the database folder by expanding the menus on the left.
d) Right click your database folder and select “Properties.”
e) Uncheck the “Read” box.
f) Click “Apply.”
g) Click “OK.”