VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-Cart StoreFront Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Suggestions for future release
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Starting Member

10 Posts

Posted - April 03 2004 :  20:04:58  Show Profile  Reply with Quote
Why, if the installation process leaves behind areas/methods for access to loser boneheads, isn't there a automatic deletion of all the unnessary files after installation?

And.. Why not send an e-mail or make a phone call with exclusive usreids and passwords so that your software is not vulnerable to smartass sissies for any period of time?

My VP-ASP was installed by FrontPage Web Hosting So if you guys or someone you sell through installs on the host site why not do these things? I know perhaps those who buy/install/then upload may need?,
to check funtionality out, however, you guys are smart enough to work this out.
And I say that in all sincerity.
[email protected]

Senior Member

United Kingdom
1898 Posts

Posted - April 04 2004 :  05:53:15  Show Profile  Visit devshb's Homepage  Reply with Quote
it is possible to plug all these gaps before releasing the site onto a public server.
but, just like you, I'd also like to have some kind of switch that I can set to automatically plug those holes before the files get copied to the site. (a lot of people, myself included, just use a normal pc setup for their source and then copy the whole lot to the host, rather than hosting it on their pc beforehand as a kind of offline server)
The key things are to change the admin id/pwd in the user table and moving the database file to a different/secure directory before you upload the files to a host.
not everyone who uses vpasp is a programmer, and these are key security issues.

Maybe one idea would be for vpasp to split the vpasp files into 2 sections when sending out the software, with one section being the current full list of files, and the second section being a "good-to-go" version of the same files but with the diagnostic files taken out and the admin id/pwd renamed automatically on a per-order basis (along with the name of the admin login screen), so that everyone who buys vpasp gets a different admin login page name and a different id/pwd. That way, the only thing you'd need to do is to change the location of the database file and voila; all measures implemented.

Simon Barnaby
Freelance Developer
Java-E UK
[email protected]
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000