
Considering X-Cart
 
  #1  
Old 05-05-2010, 07:12 AM
 
arthernan
 

Newbie
  
Join Date: May 2010
Posts: 1
 

Considering X-Cart

At our company we are considering X-Cart for our new website.

We are a continuing education provider with a very wide customer base. As an organization we have the guideline of securing our customer list as much as possible.

We feel that web servers are the most vulnerable piece of software. If an attacker got control of it they could in turn look for database client software libraries. If they are found they could initiate an attack on the database.

Our approach has been for some time not to have any database libraries installed in our DMZ, but instead the web server sends requests to a middle tier in our network. That middle tier in turn connects to the database and makes the necessary updates and queries. So the database library is installed only in the server where the middle tier resides.


Here are some references to this approach

"Partitioned application" pattern in
http://www.scrypt.net/~celer/securitypatterns/final%20report.pdf


Paragraph "Application partitioning is a well studied ..." in
http://dspace.mit.edu/bitstream/handle/1721.1/34954/MIT-CSAIL-TR-2006-080.pdf?sequence=1

My question is if this kind of architecture is possible with X-Cart. And if it is not, what is the security approach taken at the architecture level and its rationale.

Thank you.
__________________
ok
  #2  
Old 05-06-2010, 01:36 AM
ambal
 

X-Cart team
  
Join Date: Sep 2002
Posts: 4,099
 

Re: Considering X-Cart

Hi Arthernan,

Thank you for taking interest in our software and welcome aboard!


> Our approach has been for some time not to have any database libraries
> installed in our DMZ, but instead the web server sends requests to a
> middle tier in our network. That middle tier in turn connects to the
> database and makes the necessary updates and queries. So the database
> library is installed only in the server where the middle tier resides.

X-Cart stores all its data in a MySQL database. Generally speaking, X-Cart sends requests to do something with its database to the MySQL server.
At the same time, the MySQL server can naturally be located anywhere, taking into account that the server that runs X-Cart can access it via network connections.

Thus you can place the MySQL server somewhere in an internal part of your network and protect it with a firewall that allows connections only from the X-Cart web server.

If you would like to have some middleware software that performs all database operations instead of X-Cart (i.e. X-Cart "asks" the middleware to do a database operation instead of sending such a request to the MySQL server directly), you will need to customize X-Cart, as it was designed to operate with the MySQL server directly. I am not sure about the cost of such customization, but I do not think it will be low.

Feel free to contact us with any questions.

Alex
__________________
Sincerely yours,
Alex Mulin
VP of business development for X-Cart
X-Payments project manager
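
The middle-tier arrangement discussed in this thread, sketched as an added example (not code from either poster or from X-Cart): the web tier sends only a named operation with parameters, and the middle tier, the only host holding a database library, maps it to a fixed parameterized query. The operation names, the table layout and the use of sqlite3 as a stand-in for MySQL are assumptions.

```python
import json
import sqlite3

# Allowlist: operation name -> (parameterized SQL, required parameter names).
# Operation names, table and columns are hypothetical, not X-Cart's schema.
OPERATIONS = {
    "get_customer": ("SELECT id, email FROM customers WHERE id = ?", ("id",)),
    "add_customer": ("INSERT INTO customers (email) VALUES (?)", ("email",)),
}


def make_db():
    """Constructed sample database; sqlite3 stands in for MySQL here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT)")
    db.execute("INSERT INTO customers (email) VALUES ('alice@example.com')")
    db.commit()
    return db


def handle_request(db, raw):
    """Middle-tier entry point for one JSON request from the web tier.

    The web tier names an operation and supplies parameters; it never sends
    SQL. Requests outside the allowlist are refused before the database is
    touched, so a compromised web server cannot issue arbitrary queries.
    """
    try:
        req = json.loads(raw)
    except (ValueError, TypeError):
        return {"ok": False, "error": "malformed request"}
    if not isinstance(req, dict):
        return {"ok": False, "error": "malformed request"}
    op, params = req.get("op"), req.get("params")
    if not isinstance(op, str) or op not in OPERATIONS:
        return {"ok": False, "error": "operation not allowed"}
    sql, names = OPERATIONS[op]
    if not isinstance(params, dict) or set(params) != set(names):
        return {"ok": False, "error": "bad parameters"}
    values = [params[n] for n in names]
    if any(isinstance(v, bool) or not isinstance(v, (int, str)) for v in values):
        return {"ok": False, "error": "bad parameters"}
    cur = db.execute(sql, values)  # values are bound, never concatenated
    db.commit()
    return {"ok": True, "rows": cur.fetchall()}
```

In a real deployment the request would arrive over an authenticated network channel from the DMZ host rather than as a function argument.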
All times are GMT -8.

   

 
X-Cart forums © 2001-2018