Quote:
Originally Posted by Ksenia
If you upgrade the database on a dev server, when you move the upgraded DB back to production server you need to edit config.php of production copy as follows:
1)copy $blowfish_key and security keys ($xc_security_key_session, $xc_security_key_config, $xc_security_key_general) from dev copy
or
2) Set these constants to 'false' so that the secret keys will not be checked:
const CHECK_CUSTOMERS_INTEGRITY
const CHECK_XAUTH_USER_IDS_INTEGRITY
const CHECK_RESET_PASSWORDS_INTEGRITY
const CHECK_CONFIG_INTEGRITY
|
Hi
Could we maybe have a bit of explanation of what these options do ? I much appreciate the tightened security but I think the implications can catch you out. The description in the manual seems to imply this only affects Admin users not all customers (is this correct ?), but is not clear what exactly "checked for authenticity" does.
Quote:
......defines whether admin and (X-Cart PLATINUM) provider profiles in the xcart_customers table should be checked for authenticity to prevent their malicious faking and stealing.
|
I assume you will get the same problem if you move a live store to different server? Does regenerating the blowfish key re-set all the secret keys as well ? So can you set the options to "false", log on, regenerate the blowfish key & then set them back to "true" ?
Thanks