xt:Commerce/xtc:Modified Security Pack Version
So here it is, 3 steps to dramatically increase security in your xt:Commerce 3.04 SP2.1 (or xtc:Modified 1.01) online shop. The security pack is based on the PHP Application and Website Defense Library (SSEQ-LIB) and consists of:
- Current version of SSEQ-LIB, the PHP Application and Website Defense Library.
- Some slightly modified xt:Commerce/xtc:Modified files to prevent Cross Site Request Forgery.
What the security pack is supposed to do
Having the SSEQ-LIB included instantly fortifies the xt:Commerce session and cookie. Your online shop then is secured against:
With the SSEQ-LIB filter mechanism (aka. Web Application Firewall) and a customized filter definition for xt:Commerce/xtc:Modified even unknown or not patched security flaws in your installation are closed. The filter additionally secures against:
- Cross Site Scripting
The security pack also comes with some slightly modified files from the original xt:Commerce/xtc:Modified shop. The changes consist in fact of two well placed functions which make sure your shop is secured against:
- Cross Site Request Forgery
You may want your shop be secure in minutes. You’ll be happy to read the installation instruction. But first I really encourage you to make a backup of your shop – you’ll maybe need it.
- Download xt:Commerce/xtc:Modified Security Pack Version 0.1.
- Make a copy of your files – just in case.
- Unzip the Security Pack in your fresh xt:Commerce/xtc:Modified installation and override any files.
- You are done now.
Not having an original xt:Commerce at hand, I took xtc:Modified 1.01 (http://www.xtc-modified.org) which is in fact xt:Commerce 3.04 SP2.1 with some extra. So using the Security Pack may work well for you, elsewhere restore your shop with the files you have saved before installing the Security Pack.
Security Pack 0.8 for xtc:Modified 1.01xtcModified_1.01_security_pack_v08.zip
Security Pack 0.2 for xt:Commerce 3.0.4 SP2.1xtcommerce_3.0.4_SP2.1_security_pack_v02.zip