URL: http://www.uburst.com/cgi-bin/dcforum/dcboard.cgi
Forum: ustore_config
Thread Number: 31
[ Go back to previous page ]

Original Message
"Secure Servers & Upload"

Posted by Julian [ja@yourservice.co.uk] on at 09:40 AM
I have two questions:-

1.. We have our own secure certificate but our secure space (https://secure.yourservice.co.uk) is not on the same server as our web space (http://www.yourservice.co.uk). How can we configure uStorekeeper to transfer data between them?

2.. Is it possible to restrict file uploads to .gif and .jpg file ONLY? How can we prevent someone uploading an executable file or others?

Otherwise the system works great!!


Table of contents

Messages in this discussion
"RE: Secure Servers & Upload"
Posted by Bill Weiner on at 03:35 PM
With uStorekeeper, if the public server and the secure server are not physically the same server.... then unfortunately, there is going to be a problem. This is because during the shopping experience a .cart file will be maintained on the server.... and then during the order process.... that .cart file will again need to be accessed via the secure server. Furthermore, throughout the shopping experience, the "settings.txt" file that is configured/maintained by the uStorekeeper Control Panel is used both by the public store pages and the secure order pages.... so that "settings.txt" file has be accessible too.

As for the file uploads, hmmmmm... I know we have a check to limit the size of the file... but I'm not sure if we have a check on the actual file type. The logic may have been that the user of the image upload utility would only be the storeowner himself....and therefore can be trusted not to upload anything harmful.... but it definitely wouldn't hurt having the check in there. I'll look into it.