Securing your Cart32 data and output files
Posted by Matt Marler on 12 March 2010 10:00 AM
This article applies to users of all versions of Cart32 on servers using IIS v4.0 for their web server.
Note: If you are using IIS3, IIS5, Website Pro, or another web server, then the instructions below may not be specific enough for your particular server. In that case, please contact the Cart32 Technical Support Team (firstname.lastname@example.org or 417-865-1283, ext. 1) for additional help.
Certain Cart32 files contain program data that Cart32 needs, but if they are downloaded directly they could be used to obtain sensitive information. All of these steps must be performed by the website host directly on the server.
Here are the steps we recommend for securing that data on the server.
1. Go to IIS Internet Service Manager.
2. Select the website running Cart32 and select the CGI directory.
3. Locate the file in that directory called cart32.ini. Right-click on that file and choose Properties.
Note: In some installations (full install) the cart32.ini file is located in another directory (under program files); in that case, skip to step 13.
4. Under the File Tab - Access Permissions, uncheck Read.
5. Go to the File Security tab and click on Edit under the Anonymous Access section.
6. Uncheck Allow Anonymous Access.
7. Click OK on all dialog boxes until you are back to the IIS administration window.
8. Right click on the Cart32 directory in the CGI directory and choose Properties.
Note: In some installations (full install) the Cart32 directory is located in another directory (under program files); in that case, skip to step 13.
9. Under the Directory Tab - Access Permissions, uncheck Read.
10. Go to the Directory Security tab and click on Edit under the Anonymous Access section.
11. Uncheck Allow Anonymous Access.
12. Click OK on all dialog boxes until you are back to the IIS administration window.
13. If you have the Cart32 orders output file (set under the Orders tab) or any export files written to a directory outside of the default Cart32 directory, Steps 8-12 also need to be performed on that directory to ensure that web access of these files is not possible.
This prevents anonymous users from downloading the Cart32 data over the web, but still allows Cart32 to use the files internally.
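To confirm the result of the steps above, the host can request the protected files without credentials and check that the server refuses to serve them. The script below is an added example, not part of Cart32 or of the original article; the `/before/` and `/after/` URL paths and the local stub server are constructed for illustration, so substitute the URL mapping of your own CGI directory and output directories.

```python
import http.server
import threading
import urllib.error
import urllib.request

# Direct connection, no proxy, no credentials: what an anonymous visitor sends.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def classify(status):
    """Map the HTTP status of an anonymous GET to an audit verdict."""
    if 200 <= status < 300:
        return "EXPOSED"   # the file body was served to an anonymous client
    if status in (401, 403, 404):
        return "BLOCKED"   # access denied, or file not mapped into the web space
    return "REVIEW"        # anything else (for example 5xx): inspect by hand

def audit(base_url, paths, timeout=5):
    """Request each path anonymously; return {path: (status, verdict)}."""
    results = {}
    for path in paths:
        try:
            with _OPENER.open(base_url + path, timeout=timeout) as resp:
                status = resp.status
        except urllib.error.HTTPError as err:
            status = err.code
        results[path] = (status, classify(status))
    return results

class _StubSite(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in: /before/ serves the file, /after/ answers 401."""
    def do_GET(self):
        exposed = self.path.startswith("/before/")
        body = b"[constructed sample ini]\n" if exposed else b""
        self.send_response(200 if exposed else 401)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # keep the demo quiet

def demo():
    """Audit the local stub (hypothetical paths) and return the results."""
    server = http.server.HTTPServer(("127.0.0.1", 0), _StubSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        base = "http://127.0.0.1:%d" % server.server_address[1]
        return audit(base, ["/before/cart32.ini", "/after/cart32.ini"])
    finally:
        server.shutdown()
        server.server_close()
```

Against a real site, call `audit()` with the site's base URL and the paths of cart32.ini, the Cart32 directory, and any order output or export files covered by step 13; every entry should come back `BLOCKED`.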