Also please pay attention to the following new X-Cart constants in config.php
# The constant SECURITY_BLOCK_UNKNOWN_ADMIN_IP allows you to enable a
# functionality that will prevent usage of your store's back-end from IP
# addresses unknown to the system.
# The constant USE_SESSION_HISTORY allows you to enable synchronization of
# user sessions on the main website of your store and on domain aliases.
# The constant FORM_ID_ORDER_LENGTH sets the length for the list of unique
# form identifiers. A unique form identifier ensures that a form is valid
# and serves as a protection from CSRF attacks. If FORM_ID_ORDER_LENGTH is
# not declared or is set to a non-numeric value or a value less than 1,
# it's value will be set to 100.
# The constant FRAME_NOT_ALLOWED forbids calling X-Cart in IFRAME / FRAME tags.
# If you do not use X-Cart in any pages where X-Cart is displayed through a
# frame, this option can be enabled to enhance security. This option prevents
# attacks in which the attacker displays X-Cart through a frame and, using web
# browser vulnerabilities, intercepts the information being entered in it.
If you have any questions, please ask.
Evangelist/Product Manager at Ecwid: http://www.ecwid.com/
(since Sept 2009)
ex-Head of X-Cart Tech Support Department
ex- X-Cart Hosting Manager - X-Cart hosting
ex-X-Cart Technical Support Engineer
For the official guaranteed tech support services please turn to the Customers HelpDesk