|
|
|
|
Once you have followed the installation procedure to install and create the Order Management folder, it will do so at the /online folder of your currently open SalesCart shopping cart. Next, you will need to publish your local site to your remote web server. Using FrontPage, publish your entire shopping cart site as you normally do to your web server. Since the order management plug-in uses the SalesCart1 database connection there should be no need to do any further configuration accept to configure access.
You need to secure the Order Management Plugin system with an administrative password. By default, the order management system is completely wide open so that "you" can sneek in the first time. The SalesCart Order Managment plug-in comes with a single script that will create a one-time administrative user and then subsequently delete this file and thus remove the ability to sneek back in. This file: CreateAdmin.asp should never be left on the server.
Note:
SECURITY WARNING! Ultimately security is
your responsibility. You should never leave a copy of the
createadmin.asp file on your web server.
Anyone who runs this asp file via the Internet can create a new temporary administrative
user and password.
Access the Order managment plug-in by starting your Internet Explorer web browser and setting the address to: http//www.yourdomain.com/online/default.htm. You should see a screen similar to the following
Since this is the first time running the Order Management plug-in, you do not have a userid and password. Click the Sneek In button to create a temporary userid and password and to delete the special sneek-in asp creation file.
Note:
SECURITY WARNING! The Order Management plug-in
interface is designed to run a speical ASP file to create a new administrator
and password and then immediately delete it form the web server afterwards. By
default, this radio button is on. If you turn, this radio button off, the createadmin.asp
will not be deleted and anyone who access and runs this file afterwards will be
able to have full access to all of your orders.
The createadmin.asp creates a new user with the userid: none and the password: none. You must immediately change this to something unique to secure your Order Management plug-in.
Specify a new User ID and a new Password and press modify. You may also use this screen to add additional "blank" accounts as well. Next time you return to the login page of the Order Managment system you will use your now modified User ID and Password.
Note:
SECURITY WARNING! The security provided by
the online management system assumes that all userid and password information
will be transmitted securely via an https connection to your specific domain.
Anything less than this is a significant compromise in security. This mechanism
provides a reasonable amount of security since the userid and password information
is transmitted in an encrypted format while over the Internet. If you wish to
increase security even further, work with your ISP or service provider to "control"
access permissions to the /online folder. Securing files at the file level or
OS level for a particular user will provide additional and further security which
we advise whenever possible.