Remove uploading picture or file to Help Desk |
Russ Nobbs
Newbie Joined: 26-August-2008 Location: Spokane WA USA Status: Offline Points: -1 |
Posted: 26-August-2011 at 6:06pm |
With the recent security problems it would be worthwhile to allow stores to turn off or deny customers from uploading pictures or files to the Help Desk.
Customers do use the Help Desk. We'd like to eliminate any potential security hole in the future by removing the ability to upload anything except by administrators. |
|
ProductCart
Admin Group ProductCart Team Joined: 01-October-2003 Status: Offline Points: 135 |
Hi Russ,
thanks for your feedback. That could add an additional layer of security and it's a good suggestion for a new feature. For now, it looks like you can manually turn uploading permissions off in the Help Desk by editing the following line:
... by changing the 1 to 0. This must be done in 4 files in the storefront:
- pc\useraddfeedback.asp
- pc\usereditComment.asp
- pc\usereditFeedback.asp
- pc\userviewfeedback.asp

We'll definitely look at turning this into a Control Panel setting in the future.
|
|
Russ Nobbs
Newbie Joined: 26-August-2008 Location: Spokane WA USA Status: Offline Points: -1 |
Thank you for the instructions for manually removing the ability to upload pictures or files. We've taken that step.
Having the ability to turn all customer upload operations off with a single control panel "switch" would be convenient. We're looking at the advanced security settings ( http://wiki.earlyimpact.com/productcart/settings-security-settings ) to see if there are others that make sense to enable without making the store too complicated for the customer to navigate. After recent exploits of our stores we need to find the best ways to avoid any future intrusion or damage. |
|
Hamish
Admin Group Joined: 12-October-2006 Location: United Kingdom Status: Offline Points: 56 |
Hi Russ,
Early Impact are, of course, doing everything possible to prevent exploits, even if they are due to failings in IIS6 as was the case on this occasion. The reality is that even if ProductCart is perfect there is no absolute guarantee that a server is bullet proof. A couple of us use and like Total Commander. You can use it to carry out a very quick compare of files on the server with a copy previously downloaded, or even better a copy of the files you uploaded. It can also generate MD5 checksums to allow definitive verification that files have not been modified.
|
Russ Nobbs
Newbie Joined: 26-August-2008 Location: Spokane WA USA Status: Offline Points: -1 |
Hi Hamish,
Yes, there is no absolute guarantee that a server is bullet proof or that some insider at an operation won't do something to compromise an installation or the data. Thanks for the suggestion on Total Commander. Here Todd used both EximDif and Beyond Compare. To keep up with security issues we subscribe to technical security alerts from http://www.us-cert.gov/ and monitor some webmaster sites watching for exploits that could touch our installation.
|