config-web-browser-capabilities-detection

Browser Capabilities Detection

As is true of most websites and applications on the Internet, Magento requires that the visitor’s browser allow both cookies and JavaScript for full operations. However, occasionally a user’s browser might be set to the highest privacy setting which disallows both cookies and JavaScript. Your store can be configured to test the browser capabilities of each visitor, and to display …

config-web-session-validation-settings

Session Validation

Magento Community allows you to validate session variables as a protective measure against possible session fixation attacks, or attempts to poison or hijack user sessions. The Session Validation Settings determine how session variables are validated during each store visit, and if the session ID is included in the URL of the store. The validation checks to see that visitors are who they …

config-customer-captcha

Customer CAPTCHA

CAPTCHA can be required to log in to a customer account, or be configured to appear after several unsuccessful attempts. It can also be used for other forms in the storefront. To configure CAPTCHA for customers: 1. On the Admin menu, select System > Configuration. Then in the panel on the left under Customers, select Customer Configuration. 2. Set Current …

captcha-admin-login

Admin CAPTCHA

For an extra level of security, you can add a CAPTCHA to the Admin Login page. Administrator users can reload the displayed CAPTCHA by clicking the Reload icon in the upper-right corner of the image. The number of reloads is not limited. To configure CAPTCHA for the Admin: 1. On the Admin menu, select System > Configuration. Then in the …

captcha-customer-login

CAPTCHA

CAPTCHA is an acronym for “Completely Automated Public Turing Test to Tell Computers and Humans Apart.” A CAPTCHA is a visual device that ensures that a human being, rather than a computer, is interacting with the site. CAPTCHA can be used for both the Admin and customers. Users can reload the CAPTCHA as many times as is necessary by clicking …

config-advanced-admin-security

Security Configuration

The security settings give you the ability to control the lifetime of user sessions, and whether to allow your Magento store to run in a frame. (This setting can prevent clickjacking.) In addition, you can add a secret key to URLs, and determine the case sensitivity of login credentials. For security reasons, Magento strongly recommends against running your store in …

magento-security

Security

In this section of the guide, you will learn how to manage Admin sessions and credentials, implement CAPTCHA, and manage website restrictions. Magento Security Best Practices: All eCommerce sites are attractive targets to hackers because of the personal and payment information that is required to complete a sale. Even if the system does not directly process credit card transactions, a …