Shopping supports multiple Shopping Websites served by a single installation of Shopping Central (including its database). In an Internet-facing scenario, an additional Website is installed.
Installing the Shopping Web on a DMZ
When configuring Internet-facing Shopping, at least one Shopping Web is installed on the internal network with the basic Shopping installation. A web-only version of the Shopping Web should be installed on a DMZ so that it can be accessed externally by a user over the Internet.
Shopping Website security
The Shopping Website relies on cookies to store information, such as the active tab, to maintain the state of the tab for a particular user. Cookies set over HTTP are not secure because the protocol has no support for encryption. Any network interception or monitoring tool can exploit these cookies to gain unauthorised access to user information. To this end, we have introduced the secured cookies feature, whereby communication between the Shopping Website and client machines is encrypted using transport layer security before it is sent over the network.
To enable the secure cookie feature:
- The Shopping Website must run over HTTPS.
C:\Program Files (x86)\1E\Shopping\WebSite\Shopping\.
- Locate the <system.web> element and update <httpCookies requireSSL="true" lockItem="true"/> (line 48 in our example).
- Save the file.
To mitigate cross-frame scripting (XFS), the Shopping Web can no longer be parsed in an iFrame on another site. This security feature is enabled by default. However, if you are certain that you are safe from XFS, you can comment out the <X-Frame-Options> settings in the
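A way to confirm both settings after editing the configuration file, shown as an added example that is not 1E's own code. It assumes an ASP.NET-style configuration layout and that X-Frame-Options is set as an IIS custom header; the sample configurations are constructed and audit_config is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample configurations, not copied from a real Shopping installation.
# Assumption: X-Frame-Options is delivered as an IIS custom header.
HARDENED = """<configuration>
  <system.web>
    <httpCookies requireSSL="true" lockItem="true"/>
  </system.web>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-Frame-Options" value="SAMEORIGIN"/>
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

# Cookies allowed over plain HTTP and the framing header commented out.
WEAK = """<configuration>
  <system.web>
    <httpCookies requireSSL="false"/>
  </system.web>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- <add name="X-Frame-Options" value="SAMEORIGIN"/> -->
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

def audit_config(xml_text):
    """Return a list of findings; an empty list means both protections are on."""
    root = ET.fromstring(xml_text)  # the parser drops XML comments
    findings = []
    cookies = root.find("system.web/httpCookies")
    if cookies is None:
        findings.append("httpCookies element missing")
    else:
        for attr in ("requireSSL", "lockItem"):
            if cookies.get(attr, "false").lower() != "true":
                findings.append(attr + " is not true")
    headers = root.findall("system.webServer/httpProtocol/customHeaders/add")
    framed = [h for h in headers if h.get("name", "").lower() == "x-frame-options"]
    if not framed:
        findings.append("X-Frame-Options header not set")
    return findings

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_config(text) or "OK")
```

Because the parser discards comments, a commented-out header is reported the same way as a missing one.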
Post installation configuration
Following the installation of the components, you need to make the following changes:
- Update the Web URL in the Shopping Admin Console to refer to the Shopping Website on the DMZ.
Shopping Website maintenance
After installation and initial configuration, you will need to ensure that changes made to the email templates and Shopping preferences are maintained as follows:
- You will need to ensure that the email templates on the internal Shopping Website and the Shopping Website on the DMZ are in sync.
- If any Preferences are changed in the Shopping Admin Console, an IIS reset will be required on the Shopping Website on the DMZ.
Each installation of a Web-only Shopping Website must be licensed separately. They can be re-licensed using the following command line on the machine where the Shopping Website is installed: