Dear Friends , i downloaded the 1.90 version and installed on my local server and i made my web site contents and products and all , i had site 2 times before made by joomla virtuemart they hacked my web site very easy in 1 week both , im afraid somebody can hack this site too can we trust nopCommerce Security , is there any settings for security ? what i must change if i download and send it to my ftp host ? what kind of security settings or changes i must make for this open source free copy ?
and i see in some websites has web.config files in side with encryp maybe md5 or hash1 i dont know but when i open web.config file i cant read because it is mix with such security system , what we can make for our web.config file and connection string ?
nopCommerce 1.90 Security Problem.
- 6
- 40
- 2011/06/10
- United States
If I understood correctly....
The web.config file (or any .config file) is not accessible via the web. A user can not navigate to site.com/web.config.
NopCommerce 1.9 is PCI compliant. In theory, it is secure. But just make sure you have a strong password for the admin area. You might also want to rename the /administration folder, but that requires some developer time.
The web.config file (or any .config file) is not accessible via the web. A user can not navigate to site.com/web.config.
NopCommerce 1.9 is PCI compliant. In theory, it is secure. But just make sure you have a strong password for the admin area. You might also want to rename the /administration folder, but that requires some developer time.