yoanna.kostova wrote:You mentioned that you are using a very old version of NopCommerce and you are still maintaining it, isn't this a security risk as Microsoft stops the support of old versions?
This version targets ASP.Net 4.7.2 which does not yet have an end date for support which is good.
From
https://learn.microsoft.com/en-us/lifecycle/products/microsoft-net-frameworkAlso "Starting with Visual Studio 2022, Visual Studio no longer includes .NET Framework components for .NET Framework 4.0 - 4.5.1 because these versions are no longer supported"
Maybe I am wrong, but I think that even though Microsoft say a particular .net version is no longer supported, it would still be the case that if something really bad was discovered in that version and the package it is available to be download from a Microsoft site, then I am guessing that issue would be fixed in a new release regardless of whether they say it is supported or not.
In addition nopCommerce is always at the forefront of developments and potential security issues are identified and protections have been built in the designs even way back then at the start.
That's not to say the website does not try to get hacked everyday and so your server configurations and system protections also part in protecting a website operation.
yoanna.kostova wrote:If every single change in the core functionality will have to be moved manually doesn`t that deprive the dev team to use what they have out of the box?
What I did not say is that you can have your own library of routines built and rebuilt as .dlls which can be referenced to the Core or to a Plugin. Then it is only the interface to the routines in the libraries that would need to be moved into update versions.
Same with Razor view files. You can have your own Theme and all the files from the Core you have modified can reside in your theme. The way the system works is to have a search path for View Files.
So first it will search the current Theme for the View file. If it cannot find the file requested in the Theme then it will default to use the Core view files. In addition using a Plugin you can create a Custom View Engine and direct it the search the view files in your Plugin.
yoanna.kostova wrote:Regarding the database - if I want to migrate to a newer version of NopCommerce, how can I link my existing database with extended properties, tables, and data? I tried adding an existing database when setting up Nop but I get an error
Yes the Database version also needs to match with the current version of nopCommerce. So if you have customisations in the database / missing / different fields there will be errors. So the database also needs to be updated through versions.
This is where Plugins are also useful. You can have all the changes in the database over time managed by a plugin using Data migrations. So when you run an install for the plugin it will make all the changes to the new database as required, or it can upgrade the custom tables you have added in previous versions of the database.