Thread: 4.1.9 changelog
Ene (X-Cart team), 10-10-2007, 12:17 AM

Re: 4.1.9 changelog

Also, please pay attention to the following new X-Cart constants in the config.php file:

Quote:
#
# The constant SECURITY_BLOCK_UNKNOWN_ADMIN_IP allows you to enable a
# functionality that will prevent usage of your store's back-end from IP
# addresses unknown to the system.
#
define("SECURITY_BLOCK_UNKNOWN_ADMIN_IP", true);

#
# The constant USE_SESSION_HISTORY allows you to enable synchronization of
# user sessions on the main website of your store and on domain aliases.
#
define("USE_SESSION_HISTORY", true);

#
# The constant FORM_ID_ORDER_LENGTH sets the length for the list of unique
# form identifiers. A unique form identifier ensures that a form is valid
# and serves as a protection from CSRF attacks. If FORM_ID_ORDER_LENGTH is
# not declared or is set to a non-numeric value or a value less than 1,
# its value will be set to 100.
#
define("FORM_ID_ORDER_LENGTH", 100);

#
# The constant FRAME_NOT_ALLOWED forbids calling X-Cart in IFRAME / FRAME tags.
# If you do not use X-Cart in any pages where X-Cart is displayed through a
# frame, this option can be enabled to enhance security. This option prevents
# attacks in which the attacker displays X-Cart through a frame and, using web
# browser vulnerabilities, intercepts the information being entered in it.
#
define("FRAME_NOT_ALLOWED", false);

If you have any questions, please ask.
__________________
Eugene Kaznacheev,
Evangelist/Product Manager at Ecwid: http://www.ecwid.com/ (since Sept 2009)

ex-Head of X-Cart Tech Support Department
ex- X-Cart Hosting Manager - X-Cart hosting
ex-X-Cart Technical Support Engineer


Note: For the official guaranteed tech support services please turn to the Customers HelpDesk.
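An added example, not X-Cart's own code and not part of the post above: one way a bounded list of unique form identifiers, as described for FORM_ID_ORDER_LENGTH, can work as CSRF protection. The function names, the array standing in for `$_SESSION`, the oldest-first eviction and the single-use consumption are assumptions; only the fallback to 100 comes from the quoted config.php comment.

```php
<?php
// Added illustration, not X-Cart source. Function names and the array-backed
// store (a stand-in for $_SESSION) are hypothetical.

// Normalise the limit as the config.php comment describes:
// undeclared, non-numeric or less than 1 falls back to 100.
function form_id_limit(): int
{
    $v = defined('FORM_ID_ORDER_LENGTH') ? constant('FORM_ID_ORDER_LENGTH') : null;
    return (is_numeric($v) && (int)$v >= 1) ? (int)$v : 100;
}

// Issue a fresh identifier for a rendered form and remember it.
// Assumption: the oldest identifiers are evicted once the list is full.
function issue_form_id(array &$store): string
{
    $id = bin2hex(random_bytes(16));          // 128 bits from the CSPRNG
    $store[] = $id;
    $excess = count($store) - form_id_limit();
    if ($excess > 0) {
        $store = array_slice($store, $excess);
    }
    return $id;
}

// Accept a submitted identifier only if it is still in the list, then
// consume it so a captured request cannot be replayed (assumption).
function check_form_id(array &$store, $submitted): bool
{
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    foreach ($store as $i => $known) {
        if (hash_equals($known, $submitted)) { // constant-time comparison
            array_splice($store, $i, 1);
            return true;
        }
    }
    return false;
}

define('FORM_ID_ORDER_LENGTH', 3);            // small value so eviction is visible
$session = [];                                // constructed stand-in for $_SESSION
$first = issue_form_id($session);
$ids = [issue_form_id($session), issue_form_id($session), issue_form_id($session)];
var_dump(check_form_id($session, $first));    // oldest id, pushed out by the limit
var_dump(check_form_id($session, $ids[2]));   // most recent id, first submission
var_dump(check_form_id($session, $ids[2]));   // same id submitted again
var_dump(check_form_id($session, 'forged'));  // id that was never issued
```

In a scheme like this, the list length bounds how many forms a user can have open at once before the oldest ones stop validating, so a value that is too small shows up as legitimate submissions being rejected.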