2 security questions

**kjharrison** · 8 Jul 2006, 09:26 PM

I just designed my web site using ZenCart and am planning on putting it up on the server next week. I'm still in the process of getting e-commerce set up, so I'm just going to make it a showcase until I'm ready. My question is about credit card numbers. Are they stored on the server, in the database or via the payment gateway? If via the payment gateway, I assume that nothing about users' credit cards will be stored on the web site. I'm probably going to use Authorize.net. Pay Flo Pro isn't supported in Zen Cart. At elast not yet.

I also have a security qwuestion about the admin folder. I thought at one point I had read that it's a good idea to change the name of the admin folder for security reasons. Did I dream this or is it true?

**superprg** · 8 Jul 2006, 09:38 PM

Originally Posted by kjharrison

I just designed my web site using ZenCart and am planning on putting it up on the server next week. I'm still in the process of getting e-commerce set up, so I'm just going to make it a showcase until I'm ready. My question is about credit card numbers. Are they stored on the server, in the database or via the payment gateway? If via the payment gateway, I assume that nothing about users' credit cards will be stored on the web site. I'm probably going to use Authorize.net. Pay Flo Pro isn't supported in Zen Cart. At elast not yet.

I also have a security qwuestion about the admin folder. I thought at one point I had read that it's a good idea to change the name of the admin folder for security reasons. Did I dream this or is it true?

For #2, they ask to change the name of the admin folder since when you keep the default admin folder, anyone can make an attempt to enter into admin using cart/admin path
Also, it would be more safe if you can put an IP check for admin that when your IP(s) is there then only let the admin open ( Can be done through .htaccess)

**kjharrison** · 8 Jul 2006, 09:53 PM

Originally Posted by superprg

For #2, they ask to change the name of the admin folder since when you keep the default admin folder, anyone can make an attempt to enter into admin using cart/admin path
Also, it would be more safe if you can put an IP check for admin that when your IP(s) is there then only let the admin open ( Can be done through .htaccess)

My IP changes, so I don't htink the .htaccess will work for me.

**Merlinpa1969** · 8 Jul 2006, 09:54 PM

as for your first question

this is a several part answer.
If you use the stock credit card module.
zen cart will store 1/2 of the number and email you the other 1/2 and the cvv

if you are using authorize.net then no the numbers do not get stored in the database.

and as far as I know payplow pro works with zen cart.

**superprg** · 9 Jul 2006, 07:16 AM

Originally Posted by kjharrison

My IP changes, so I don't htink the .htaccess will work for me.

No problems, you can atleast change the admin folder name

**kjharrison** · 9 Jul 2006, 11:26 AM

Originally Posted by superprg

No problems, you can atleast change the admin folder name

I plan opn doing that. Thank you. Will I have to change any other files?

**superprg** · 9 Jul 2006, 02:38 PM

Originally Posted by kjharrison

I plan opn doing that. Thank you. Will I have to change any other files?

Yes, you would have to make changes in the admin/configure.php
Simply renaming the folder name might land you in trouble!
SAn

Thread: 2 security questions

Thread Tools

Search Thread

Display

2 security questions

Re: 2 security questions

Re: 2 security questions

Re: 2 security questions

Re: 2 security questions

Re: 2 security questions

Re: 2 security questions

Similar Threads

Upgrade Questions re: Security & Templates

Security Patch Questions

Posting Permissions