Security Best Practices
Related Topics: AppConfig Security | ControlScan Partner Program | Data Encryption | Enabling SSL |
It is your responsibility to take the proper security precautions to protect your customers' information. These steps include, but are not limited to, the following:
Maintaining physical security of the servers and database.
Installing proper SSL certificates on your servers (see SSL certificates). We require a dedicated SSL certificate tied to www.yourdomainname.com (whatever your domain name is).
Timely application of server security management updates and service packs.
Managing the store with proper procedures and safety precautions to protect consumer information.
Maintaining control over usernames and passwords.
Reviewing how AspDotNetStorefront code and database are constructed. This is to ensure you are comfortable with them, and able to add additional security constraints where you feel necessary.
Reviewing the encryption used by default, enhancing it if you feel necessary.
Extra Safety Precautions
Rename the "admin" folder to something unique for your site, so others can't easily guess your admin URL. Obviously, make sure that your web settings do not allow directory listing or direct file retrieval! In this manual, we still use the "admin" folder for documentation purposes. If you do rename the admin folder, set AppConfig:AdminDir={the name of your new admin directory}, so the store will know where to find it.
Require a Windows Authenticated login for your admin folder. You can request this via your hosting company.
If you are NOT using order exports, delete or rename the orderXML.aspx files so they are no longer available. They are password protected, but you do not need that file on your server if you will not be using it. Also, you may remove the thubservice.aspx file if you are NOT using the QuickBooks exporter.
Remove any of the *.bak files you may have accidentally copied to your live servers. These are often automatically created by text editors like Visual Studio, etc.
Remove any unneeded files from your production server.
Set <customErrors mode="RemoteOnly"> in all web.config files, except during debug sessions.
Enable SSL. AspDotNetStorefront allows you to develop/debug and go live without turning on SSL if you choose. However, we STRONGLY recommend against doing so.
AspDotNetStorefront switches to HTTPS (secure) mode on the first call to the shoppingcart.aspx page if AppConfig:UseSSL=true and AppConfig:LiveServer={your domain name} (i.e., if you are running on the production domain). The store then stays in HTTPS mode for the rest of the user's session. You may override this behavior by setting AppConfig:GoNonSecureAgain=true, but we do not recommend doing that.
By default, the store will NOT store credit cards in the database, because the setting AppConfig:StoreCCInDB=false. In many cases it is not necessary to store credit card information in your database, because it is already available in the merchant gateway's admin interface. However, you may have to enable this to store credit card numbers if you are using recurring billing products and if you are processing your orders manually. To do so, set AppConfig:StoreCCInDB=true, so the card information is available online for later processing. If you are not storing card numbers in the database, you cannot use recurring products. Also, some gateways are not set up to do voids, captures, or refunds without credit card numbers. In those special cases, you must run in AUTH CAPTURE transaction mode and process refunds manually. See the gateway information section for more details on how each gateway works. In particular, Authorize.Net does not require credit cards to be stored in order to enable refunds, voids, and captures.
Important Reminder: Always perform RESET CACHE when you make changes in your AppConfig parameters.
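The admin-folder, *.bak and customErrors precautions above, collected into one web.config. This is an added example, not a file shipped with AspDotNetStorefront; the renamed admin folder name storeconsole-7f3a is a placeholder, and the authorization block only takes effect once your hosting company enables Windows Authentication (and disables Anonymous access) on that folder in IIS.

```xml
<?xml version="1.0"?>
<!-- Added example, not from the AspDotNetStorefront distribution.
     Placeholder admin folder: storeconsole-7f3a (AppConfig:AdminDir must match). -->
<configuration>
  <system.web>
    <!-- Weak setting, leaks stack traces and file paths to every visitor:
           <customErrors mode="Off" />
         Recommended: detailed errors only when browsing on the server itself. -->
    <customErrors mode="RemoteOnly" />

    <!-- Debug builds belong in debug sessions only. -->
    <compilation debug="false" />

    <!-- Refuse to serve editor backup files if one slips onto the live server.
         IIS must route *.bak requests to ASP.NET for this to apply, so deleting
         the files (as the checklist says) remains the primary control. -->
    <httpHandlers>
      <add verb="*" path="*.bak" type="System.Web.HttpForbiddenHandler" />
    </httpHandlers>

    <!-- authentication is application-wide; it cannot be placed inside <location>.
         Assumes the store does not itself depend on ASP.NET Forms authentication. -->
    <authentication mode="Windows" />
  </system.web>

  <!-- Renamed admin folder: deny anonymous users ("?"), allow any authenticated
       Windows user. Pair with IIS Integrated Windows Authentication on this folder. -->
  <location path="storeconsole-7f3a">
    <system.web>
      <authorization>
        <deny users="?" />
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```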
Copyright © 1995-2006 All rights reserved.