StoreFront 5.0 Manual - StoreFront Support - LaGarde, Inc.
StoreFront 5.0 Manual - StoreFront Support - LaGarde, Inc.
StoreFront 5.0 Manual - StoreFront Support - LaGarde, Inc.
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Testing the Store’s Security<br />
User Guide<br />
It is important that your site be secure before you begin taking orders. Follow the steps below<br />
to ensure that every aspect of your site has been properly secured. If a certain security<br />
measure is not functioning, refer to Security, page 166, for more information or follow the<br />
instructions below each step for a quick fix. Note: these instructions apply only to live webs,<br />
hosted on remote servers.<br />
1. Make sure your database is not downloadable (for webs using an Access database<br />
only). To do this, open your remote web in FrontPage. Locate the database in the fpdb<br />
folder and right-click on it. Select Copy, then open a browser. Right-click in the<br />
address window of your browser and select Paste. This will paste the URL of your<br />
database into the address window. Hit enter. Your browser should be denied access<br />
to the database. If your browser starts to download a file, this indicates that the<br />
database has not been properly secured.<br />
Solution: Open your web in FrontPage and right-click on the fpdb folder. Select<br />
Properties. Make sure that Allow files to be browsed is unchecked.<br />
2. Make sure that your Admin folder is password-protected. To do this, open your<br />
browser. Enter the URL to your admin folder in the address window (the Admin folder<br />
is located under the SSL folder; i.e. http://www.yourweb.com/ssl/admin/).<br />
Hit enter. You should be prompted for a username and password. If you are not<br />
prompted for a username and password, this indicates that the Admin folder has not<br />
been properly secured.<br />
Solution: Contact your host and request that the Everyone account be removed from<br />
the admin folder, or that this folder be otherwise password-protected.<br />
3. Make sure that your MSADC virtual directory has been password protected. To do<br />
this, open your browser. Enter the URL to your MSADC folder in the address window<br />
(the MSADC folder is located under the root of your web; i.e. http://<br />
www.yourweb.com/MSADC/). Hit enter. You should be prompted for a username<br />
and password. If you are not prompted for a username and password, this indicates<br />
that the MSADC folder has not been properly secured.<br />
Solution: Contact your host and request that the MSADC virtual directory be configured<br />
to disallow anonymous access.<br />
173