Also, please pay attention to the following new X-Cart constants in
the config.php file:
Quote:
#
# The constant SECURITY_BLOCK_UNKNOWN_ADMIN_IP allows you to enable a
# functionality that will prevent usage of your store's back-end from IP
# addresses unknown to the system.
#
define("SECURITY_BLOCK_UNKNOWN_ADMIN_IP", true);
#
# The constant USE_SESSION_HISTORY allows you to enable synchronization of
# user sessions on the main website of your store and on domain aliases.
#
define("USE_SESSION_HISTORY", true);
#
# The constant FORM_ID_ORDER_LENGTH sets the length for the list of unique
# form identifiers. A unique form identifier ensures that a form is valid
# and serves as a protection from CSRF attacks. If FORM_ID_ORDER_LENGTH is
# not declared or is set to a non-numeric value or a value less than 1,
# its value will be set to 100.
#
define("FORM_ID_ORDER_LENGTH", 100);
#
# The constant FRAME_NOT_ALLOWED forbids calling X-Cart in IFRAME / FRAME tags.
# If you do not use X-Cart in any pages where X-Cart is displayed through a
# frame, this option can be enabled to enhance security. This option prevents
# attacks in which the attacker displays X-Cart through a frame and, using web
# browser vulnerabilities, intercepts the information being entered in it.
#
define("FRAME_NOT_ALLOWED", false);
If you have any questions, please ask.
__________________
Eugene Kaznacheev,
Evangelist/Product Manager at Ecwid:
http://www.ecwid.com/ (since Sept 2009)
ex-Head of X-Cart Tech Support Department
ex-X-Cart Hosting Manager - X-Cart hosting
ex-X-Cart Technical Support Engineer
Note: For the official guaranteed tech support services please turn to the
Customers HelpDesk.
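The FORM_ID_ORDER_LENGTH comment quoted above describes a bounded list of form identifiers with a fallback to 100. The sketch below is an added illustration, not X-Cart's code and not part of the original post: it shows how such a list behaves, including the side effect that the oldest open form stops validating once the limit is exceeded. The function names, the in-memory array standing in for the session, and the oldest-first eviction are assumptions.

```php
<?php
// Added illustration; NOT X-Cart's implementation. Function names are hypothetical.

// Normalise the setting as the config comment describes: undeclared,
// non-numeric or less than 1 falls back to 100.
function form_id_limit(): int
{
    $v = defined('FORM_ID_ORDER_LENGTH') ? constant('FORM_ID_ORDER_LENGTH') : null;
    return (is_numeric($v) && (int)$v >= 1) ? (int)$v : 100;
}

// Issue a fresh identifier and keep only the newest $limit of them.
function issue_form_id(array &$ids, int $limit): string
{
    $id = bin2hex(random_bytes(16));         // unpredictable per-form value
    $ids[] = $id;
    if (count($ids) > $limit) {
        $ids = array_slice($ids, -$limit);   // assumed: oldest identifiers drop first
    }
    return $id;
}

// Accept a submitted identifier only if it is still in the list.
function check_form_id(array $ids, $submitted): bool
{
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    foreach ($ids as $known) {
        if (hash_equals($known, $submitted)) {   // constant-time comparison
            return true;
        }
    }
    return false;
}

// Demo: constructed in-memory list standing in for the user's session.
define('FORM_ID_ORDER_LENGTH', 'abc');       // invalid on purpose, fallback applies
$limit = form_id_limit();
$ids = [];
$first = issue_form_id($ids, $limit);
for ($i = 0; $i < $limit; $i++) {
    issue_form_id($ids, $limit);             // newer forms push $first out of the list
}
var_dump($limit);
var_dump(check_form_id($ids, $first));       // oldest form, no longer in the list
var_dump(check_form_id($ids, end($ids)));    // most recently issued form
var_dump(check_form_id($ids, 'forged'));     // value that was never issued
```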