ProductCart Shopping Cart Software Forums : Remove uploading picture or file to Help Desk

Remove uploading picture or file to Help Desk : Hi Hamish,Yes, there is no absolute...

Wed, 07 Sep 2011 19:40:18 +0000

Author: Russ Nobbs
Subject: 4691
Posted: 07-September-2011 at 7:40pm

Hi Hamish,
Yes, there is no absolute guarantee that a server is bullet proof or that someone insider at an operation won't do something to compromise an installation or the data.
Thanks for the suggestion on Total Commander. Here Todd used both EximDif and Beyond Compare.

To keep up with security issues we subscribe to technical security alerts from http://www.us-cert.gov/ and monitor some webmaster sites watching for exploits that could touch our installation.

Remove uploading picture or file to Help Desk : Hi Russ, Early Impact are, of,...

Thu, 01 Sep 2011 06:39:13 +0000

Author: Hamish
Subject: 4691
Posted: 01-September-2011 at 6:39am

Hi Russ,
Early Impact are, of, course, doing everything possible to prevent exploits , even if they are due to failings in IIS6 as was the case on this occasion. The reality is that even if ProductCart is perfect there is no absolute guarantee that a server is bullet proof. A couple of us use and like Total Commander. You cam use it to carry out a very quick compare of files on the server with a copy previously downloaded, or even better a copy of the files you uploaded. It can also generate MD5 checksums to allow definitive verification that files have not been modified.

Remove uploading picture or file to Help Desk : Thank you for the instructions...

Thu, 01 Sep 2011 02:32:49 +0000

Author: Russ Nobbs
Subject: 4691
Posted: 01-September-2011 at 2:32am

Thank you for the instructions for manually removing the ability to upload pictures or files. We've taken that step.

Having the ability to turn all customer upload operations off with a single control panel "switch" would be convenient.

We're looking at the advanced security settings ( http://wiki.earlyimpact.com/productcart/settings-security-settings ) to see if there are others that make sense to enable without making the store too complicated for the customer to navigate. After recent exploits of our stores we need to find the best ways to avoid any future intrusion or damage.

Remove uploading picture or file to Help Desk : Hi Russ,thanks for your feedback....

Sat, 27 Aug 2011 20:07:43 +0000

Author: ProductCart
Subject: 4691
Posted: 27-August-2011 at 8:07pm

Hi Russ,

thanks for your feedback. That could add an additional layer of security and it's a good suggestion for a new feature.

For now, it looks like you can manually turn uploading permissions off in the Help Desk by editing the following line:

AllowUpload="1"

... by changing the 1 to 0.

This must be done in 4 files in the storefront:

- pc\useraddfeedback.asp

- pc\usereditComment.asp

- pc\usereditFeedback.asp

- pc\userviewfeedback.asp

We'll definitely look at turning this into a Control Panel setting in the future.

Remove uploading picture or file to Help Desk : With the recent security problems...

Fri, 26 Aug 2011 18:06:04 +0000

Author: Russ Nobbs
Subject: 4691
Posted: 26-August-2011 at 6:06pm

With the recent security problems it would be worthwhile to allow stores to turn off or deny customers from uploading pictures or files to the Help Desk.

Customers do use the Help Desk. We'd like to eliminate any potential security hole in the future by removing the ability to upload anything except by administrators.