Remove uploading picture or file to Help Desk

Russ Nobbs (Newbie)
Joined: 26-August-2008
Location: Spokane WA USA
Posted: 26-August-2011 at 6:06pm
With the recent security problems it would be worthwhile to allow stores to turn off or deny customers from uploading pictures or files to the Help Desk.

Customers do use the Help Desk. We'd like to eliminate any potential security hole in the future by removing the ability to upload anything except by administrators.

ProductCart (Admin Group, ProductCart Team)
Joined: 01-October-2003
Posted: 27-August-2011 at 8:07pm
Hi Russ,

Thanks for your feedback. That could add an additional layer of security, and it's a good suggestion for a new feature.

For now, it looks like you can manually turn uploading permissions off in the Help Desk by editing the following line:
AllowUpload="1"
... by changing the 1 to 0.

This must be done in 4 files in the storefront:

- pc\useraddfeedback.asp
- pc\usereditComment.asp
- pc\usereditFeedback.asp
- pc\userviewfeedback.asp

We'll definitely look at turning this into a Control Panel setting in the future.
The ProductCart Team

Home of ProductCart shopping cart software
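
One way to confirm that the manual change described in the reply above is in place in all four files, as an added example that is not part of the original thread and not ProductCart code. The store root argument, the exact form of the assignment line matched by the regular expression, and the sample files are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# The four storefront files listed in the reply above (all under pc\).
HELP_DESK_FILES = ["useraddfeedback.asp", "usereditComment.asp",
                   "usereditFeedback.asp", "userviewfeedback.asp"]

# Assumed line shape: VBScript is case-insensitive, so allow any case, spaces
# around "=" and an optional "<%". Anchoring at line start skips commented-out
# copies ('AllowUpload="1") and comparisons such as: If AllowUpload="1" Then
ASSIGNMENT = re.compile(r'^\s*(?:<%\s*)?AllowUpload\s*=\s*"?(\d+)"?', re.I)

def upload_setting(path):
    """Return the last AllowUpload value assigned in the file, or None."""
    value = None
    for line in path.read_text(encoding="latin-1").splitlines():
        match = ASSIGNMENT.match(line)
        if match:
            value = match.group(1)  # a later assignment overrides an earlier one
    return value

def audit(store_root):
    """Map each Help Desk file to a status; only the value "0" counts as off."""
    report = {}
    for name in HELP_DESK_FILES:
        path = Path(store_root) / "pc" / name
        if not path.is_file():
            report[name] = "file missing"
        else:
            value = upload_setting(path)
            report[name] = {None: "no AllowUpload line found",
                            "0": "uploads off"}.get(value, "UPLOADS ON")
    return report

def build_sample_store(root):
    """Constructed sample files (not ProductCart source); one file is left out."""
    pc = Path(root) / "pc"
    pc.mkdir(parents=True)
    (pc / "useraddfeedback.asp").write_text('<%\nAllowUpload="0"\n%>\n')
    (pc / "usereditComment.asp").write_text('<%\nAllowUpload = "1"\n%>\n')
    (pc / "usereditFeedback.asp").write_text(
        "<%\n'AllowUpload=\"1\"\nallowupload=\"0\"\n%>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_store(tmp)
        print(audit(tmp))
```

Against a real store, call `audit()` with the folder that contains `pc`; any status other than "uploads off" means that file still needs the edit or a manual look.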

Russ Nobbs (Newbie)
Joined: 26-August-2008
Location: Spokane WA USA
Posted: 01-September-2011 at 2:32am
Thank you for the instructions for manually removing the ability to upload pictures or files. We've taken that step.

Having the ability to turn all customer upload operations off with a single control panel "switch" would be convenient.

We're looking at the advanced security settings (http://wiki.earlyimpact.com/productcart/settings-security-settings) to see if there are others that make sense to enable without making the store too complicated for the customer to navigate. After recent exploits of our stores we need to find the best ways to avoid any future intrusion or damage.

Hamish (Admin Group)
Joined: 12-October-2006
Location: United Kingdom
Posted: 01-September-2011 at 6:39am
Hi Russ,
Early Impact are, of course, doing everything possible to prevent exploits, even if they are due to failings in IIS6 as was the case on this occasion. The reality is that even if ProductCart is perfect there is no absolute guarantee that a server is bullet proof. A couple of us use and like Total Commander. You can use it to carry out a very quick compare of files on the server with a copy previously downloaded, or even better a copy of the files you uploaded. It can also generate MD5 checksums to allow definitive verification that files have not been modified.

Russ Nobbs (Newbie)
Joined: 26-August-2008
Location: Spokane WA USA
Posted: 07-September-2011 at 7:40pm
Hi Hamish,
Yes, there is no absolute guarantee that a server is bullet proof or that an insider at an operation won't do something to compromise an installation or the data.
Thanks for the suggestion on Total Commander. Here Todd used both EximDif and Beyond Compare.

To keep up with security issues we subscribe to technical security alerts from http://www.us-cert.gov/ and monitor some webmaster sites watching for exploits that could touch our installation.