Hackers are everywhere. Running a website is a calculated risk. There are textbooks full of ways to break into every web server on the market, so if someone decides to make your website a target, they probably will. We have attempted to write the program so that it will not allow anyone to use the CGI script as a means to gain access to your server, and will post free updates as soon as any security holes are discovered, but NO SYSTEM IS 100% HACK PROOF.
Your hosting agreement is very specific about liability in the event of criminal intrusion and other types of internet crime. Your suppliers, as well as your customers, will be affected if your site gets hacked. The burden of liability will most likely fall on you and your business.
Any SSI commands, tabs, and return characters are removed from all user input. In addition, parameters used to call specific files or system functions are put through further filtering to prevent browser manipulation.
SurfShop™ ensures that each users “cart” is unique by generating a random 10-character key which is checked against all existing keys. If a user returns to the store with a key that does not have a corresponding “cart,” SurfShop™ generates a new key. SurfShop™ only accepts ID's from a user's browser that have been encrypted using that store's private encryption key.
Certain fields are automatically scrambled by the program. Passwords, Credit Card and Check information are all stored this way. While not “encryption” in the legal sense, it prevents data from being viewed by authorized users who may have access to your server.
SurfShop™ runs under both the “strict” and “taint” modes, which force the program to quit if the server notices anything that it deems “unsafe” happening while running the script. If you configure the program as it was designed, the data files are stored outside of the public portion of your website.
Some shared hosting environments do not allow users access to their domain above the “public” directory. For this, SurfShop™ automatically installs .htaccess files in the data directories. This tell the web server to require authentication before sending anything to a browser.
SSL is a means to secure the transfer of information between a browser and a server. What happens to the data after it is on your server is another story.
While it is very difficult to access your data files from a web browser without administrator access, it is fairly simple to access them if you have FTP or Telnet access to your web server. Unless your host has taken measures to prevent other users from accessing your files, it is just as easy for anyone else with access to your shared hosting server. If you download your data files via “clear text” FTP to your computer, you might as well not even bother with SSL.
When you are finished setting up your store, CHANGE ALL DIRECTORY PERMISSIONS TO read-only. This applies to any directories you had to open up for file uploads during installation, particularly the “data,” “tmp” and “store” directories.
If you can run the scripts with your data directory permissions at 700, your data files at 600 and your CGI scripts at 711 (the lowest owner-read/write permission), you should do so. This keeps anyone but the owner of the files (you) from being able to browse the data directories when they are logged in as another user.
Unfortunately, not all web hosting providers configure their user accounts this way, so all of this documentation tells you to set your permissions to the world-read/write level.
Because of the varying levels of security on web servers, and the high risk of storing sensitive customer data on your web site, we cannot guarantee or even suggest that this script will keep your data secure. We recommend the following: (1) do not store sensitive data at all, but rather let your credit card processor do it. (2) Delete sensitive information as soon as the orders are fulfilled. SurfShop™ was designed so that you can manage as much or as little data as you wish.
It is impossible to reach a point of total security. Internet security is, at best, an exercise in mitigation. Systems are fallible. The best means to counter fraudulent and mischievous activity is to be vigilant. Monitor your log files like a hawk. Remove sensitive information on a regular basis. Check your site regularly and use common sense.