Important Notice from AspDotNetStorefront
It is with dismay that we report that we have been forced, through the action of hackers, to shut off write-access to this forum. We are keen to leave the wealth of material available to you for research. We have opened a new forum from which our community of users can seek help, support and advice from us and from each other. To post a new question to our community, please visit: http://forums.vortx.com
Thread: Security Audit

  1. #1
    aopn (Junior Member; Join Date: Sep 2007; Posts: 4)

    Security Audit

    Hi,
    I get several warnings when I run the admin site home page (ML v. 7.1.1.0), as follows:

    Security Audit
    admin.splash.aspx.security.SSL
    admin.splash.aspx.security.DefaultAdmin
    admin.splash.aspx.security.CustomErrors
    admin.splash.aspx.security.Debug
    admin.splash.aspx.security.WebConfigWritable
    admin.splash.aspx.security.RootWritable

    What is this about?

    Thanks
    aopn

  2. #2
    ASPAlfred (Senior Member; Join Date: Nov 2007; Posts: 2,244)

    If this is an upgrade from a lower version, make sure you ran the upgrade script (Update 7.0.x to latest). It looks like those strings were not properly loaded or are missing in the DB. You may also re-load the string resources from an Excel file located in the StringResource folder from the ML 7.1.1.0 build.

  3. #3
    aopn (Junior Member; Join Date: Sep 2007; Posts: 4)

    Thanks! It's ok!
    Now the content did change.

    "The default user 'admin@aspdotnetstorefront.com' is a registered user on this website. Click Here to edit this user."

    What is this about?
    aopn

  4. #4
    George the Great (Senior Member; Join Date: Nov 2006; Location: Cleveland, OH; Posts: 1,792)

    We've done what we can in the software to make ecommerce as safe for the owner and their customers as we possibly can, but there are things that as an owner you must do for yourself as well. These involve following our security best practices and making sure that the default admin login has been changed (it's really not that hard to find if you've never used the storefront before). By making sure that this is changed, and by following the security best practices, you can make sure your site, your data, and your customers are as safe as possible.

  5. #5
    DanV (Ursus arctos horribilis; Join Date: Apr 2006; Posts: 1,568)

    Leaving the default user registered on the website causes two primary issues. The first is that an attacker already knows the username of one of your admins (this information is published in our manual), so all they need to determine is a password. The second issue is that if you lose your admin password, you cannot retrieve it via email due to the fact that admin@aspdotnetstorefront is not a valid email address, so if you ever have to reset your password, it would have to be done directly in the database.