|
|
Administrator Access Levels
| From the home page of your admin area, click "View All Administrators". Please note that administrators are simply Customer accounts with the "AccessKey" field set to "A". Normal customers have an AccessKey set to "C". All Customers and Administrators are simply records in the "Customers" table.
SuperAdmin Accounts
There is also one more field in the Customers table that is related to Administrators, and that field is called "IsSuperAdmin". A SuperAdmin has full access to everything. Your store must always have at least one SuperAdmin account.
Employee / Limited Access Admin Accounts
1) Click to edit any existing customer record.
2) Set the field "IsSuperAdmin" to "N" or un-check the checkbox.
3) Set the field "AccessKey" to "Administrator" (A).
4) Click "Save Changes" and be sure the radio button below the save changes button is selected as "Save + View Record"
5) You should now see a link next to the "AccessKey" field that says "Edit Cust#123 Access Rules". Click this link to edit the Access Rules for this administrator. You can use this Access Rules page to grant or deny access to any area of your store. |
SSL Certificates
SSL Certificates are required for any e-commerce website accepting payments online. SSL provides a secure communication between the customer's computer and the web server. Each website (domain name) must have it's own SSL certificate.
SSL Certificates are available in 64bit or 128bit. 128bit is more secure, however both are very strong and either will suffice.
To purchase an SSL Certificate, you must contact your hosting company....
If you're hosting with Volusion, please follow these steps:
1) Purchase your SSL certificate online from "http://www.volusion.com/ssl_certificates.asp". From volusion.com you have the option to purchase a Volusion brand SSL Certificate, or other popular brands including Verisign & Thawte.
2) The Volusion staff will process your order within 1-2 business days and install the certificate for you.
If you're hosting with
another hosting provider:
1) Contact your hosting provider to have them purchase and install the SSL Certificate for you.
2) Login to your admin area and click to the "QuickSetup" page.
3) Scroll down and check the box labeled "SSL Installed". You can only check this box AFTER the certificate has been installed.
To verify that an SSL is installed on your website:
1) Go to your website's home page.
2) Change the address bar in your browser to include "https" rather than just "http". For example if your website is "http://www.mycompany.com" then go to "https://www.mycompany.com". If your site comes up at all, then your SSL is installed.
3) Whenever you're in secure mode you'll see a LOCK icon in the bottom right corner of your browser. You may double click that icon to see the details of the SSL certificate including when it expires.
Enabling the SSL Security Seal:
That "https" and "lock icon" are the only things that are required to verify that a website is secured by SSL, however you can also advertise the fact that your site by displaying an SSL Seal graphic on your website...
1)
From the home page of your admin area click on "Navigation Menu Promotions"
2) Find the appropriate pre-installed SSL Seal from the list... and then un-check the "Hidden" checkbox to un-hide the seal. By un-hiding it you're causing that navigation menu promotion to be display on your website, usually on the left side below your navigation menu.
|
Troubleshooting SSL alert boxes
If you've installed any third party scripts on your website, such as tracking javascripts, this is the most common cause of a security alert box popping up on your website when visiting your site securely.
To determine the cause of the problem, try the following in order until the alert box is gone:
1) Remove any third-party javascripts from your website.
2)
Do a "view source" on your website and then hit CTRL+F on your keyboard to popup the FIND dialog box. Search for "http://" (without the quotes) and go through each occurance of this... on each occurance you'll need to evaluate if the occurance is a possible cause of a security alert. Do determine this please see below:
-
If the occurrence consists of a hyperlink such as "<a href='http://" then it is ok, no problem.
- If the occurrence consists of an image source such as "<img src='http://" then it is NOT ok. This would cause an alert box.
- If the occurrence consists of a background image source such as "background='http://" then it is NOT ok. This would cause an alert box.
- If the occurrence consists of a javascript source such as "<javascript src='http://" then it is NOT ok. This would cause an alert box.
If you find the occurrences above that are
NOT ok, you'll need to change them to "https://" if that's an option depending on whether or not the server in reference supports SSL. Otherwise if the server in reference happens to be the same URL of your website, you do NOT need to have an absolute path to your website, you'll want to use a relative path for all images and hyperlinks. For example:
An absolute URL is: (aka absolute path)
http://www.mydomain.com/mypage.asp
A relative URL is: (aka relative path)
/mypage.asp
Both of the above examples (absolute & relative) link to the same exact place. Therefore you should always use the relative path when linking between pages and files within your own website. Never use the absolute path. Relative path has NO drawbacks, and is recommended for the following additional reasons:
* There will never be a problem between SSL and non-secure modes.
* You can change your domain name anytime and never have to change your hyperlinks. |
Encryption Password
| From the home page of your admin area, click "Set Encryption Password".
You may set your Encryption Password only when you first setup your store, before you open for business. This password is used by the system's encryption algorithms. This password will never be needed by a person, it is only used by the system as an added security measure. The password is important to your system, however as mentioned above, you cannot change it after you've taken lots of orders.
If you have not changed the password, it is using a default encryption password, which is fine. |
|
| |
| |
|
