I know that the cart can be set up to disallow products/categories from showing up unless a customer is logged into the site, but is there a way to prevent download of the actual files and folders?
Drew
Should be a basic security setup relative to your hosting. Check with your hosting provider. No one should be able to download anything.
Any site can be “dumped” if available to the public, but I am having trouble finding a way to keep the directories
from being accessible to anything but the cart itself. I would love to find a way to do it, though.
[quote name='tbirnseth' timestamp='1324340441' post='128107']
Should be a basic security setup relative to your hosting. Check with your hosting provider. No one should be able to download anything.
[/quote]
No cs-cart site can be “dumped” if setup correctly. Yes, you can do view-source on rendered pages, but you certainly can't get to individual files and directories if your site is setup correctly. There are exclusions for things like var/exim, etc…
Hi,
I think that I understand… I used a dump program on the site and was able to get everything off successfully, which is what
I am trying to prevent. Do you have access to information on how to set up what you were recommending, or can you recommend
search terms on google to get me in the right direction?
Drew
[quote name='tbirnseth' timestamp='1324410003' post='128158']
No cs-cart site can be “dumped” if setup correctly. Yes, you can do view-source on rendered pages, but you certainly can't get to individual files and directories if your site is setup correctly. There are exclusions for things like var/exim, etc…
[/quote]
I'm guessing your “dump program” was a crawler that simply crawled the HTML of your site.
No, you can't prevent that unless you password protected the site.
But I doubt you were able to retrieve any template files or php file or javascript files directly. You will only see what is sent to your browser.
Contact your host if you are worried about security. Too many hosting variations to try to address here.
Thank you for the input… when I figure out my options, I will post the results.
I tried password protecting a sub folder today but all I am getting is 404, my host says it is how the script is set up but does anyone know if it can be done or has anyone done it?
I tried through cpanel and also manually setting it up in .htaccess and .htpasswd.
Thanks
John