Archives For Web Development

General web development topics are covered here, ranging from ecommerce web stores and search engine optimisation or store optimisation to framework discussion.

So I have got my first review for my Free Magento Installation offer. I’m very proud of it and thought I’d share it with you all.

I helped Konrad Bloor install Magento for his store East To West. The store isn’t live yet, obviously, because Konrad is still configuring it and setting up his inventory. Here is what he had to say about the quality and professionalism of my work:

“Ashley’s magento services were just what we were looking for – we’d attempted an install ourselves but just couldn’t make it work. We wanted to use magento but setting it up was very complex, and we’d been coming up against a brick wall again and again.

“He first highlighted something about our hosting that had become incompatible with magento. Once we fixed that with our hosting company, he very quickly gave us a working install with a sample product (testing upload capability) and an obscured admin login to provide some protection against attack. He took care to establish trust, and backed up our existing attempt at installing. We also run a blog from that hosting on the same site, and because he left everything else alone apart from magento, that was still working as I expected. We don’t run cpanel but he figured out our control panel to get everything done without being given any instructions at all.

“I couldn’t be more pleased and would recommend his magento services to anyone – he obviously knows magento very deeply. I would happily hire him again.”

Konrad’s review has been added to my services page, which you should check out if you are interested in help with a Magento install or would like to discuss any Magento related services. As of right now I still have 2 remaining Free installations, with 2 reviews pending, so if you would like to get professional Magento help, and do not mind writing a comprehensive review like Konrad’s, then please get in touch with me.

This post will describe a simple technique to secure your Magento virtual host with basic HTTP password protection provided by Apache. This can be useful if you want to keep users away from the webstore during development, or if you sell products wholesale and do not want unauthorized users to view your catalog/pricing.

To be very clear from the outset, this technique uses basic HTTP authentication, which if used over HTTP (rather than HTTPS) affords no security for the passwords while they are in transit across the internet. If you are interested, you can learn more about the limitations of basic access authentication. As a simple mechanism for keeping people out of a site, it will do just fine. If you store your nuclear missile access codes in a Magento store database, do not use this technique to protect them, please.

Normally when I’m developing a new site I just use virtual hosting and a modified operating system hosts file to prevent people visiting it while it’s in development. I realize that’s not really security, more obscurity, but it has worked fine for me in the past.

Recently I have had a need to more fully protect a site, but also to make it public via DNS records. In a nutshell, the steps required are: configure virtual hosting for your webstore, configure Apache authentication, set up a user/password and reload Apache. I’ll run through everything in detail below.

Everyone with a Magento store will recently have seen the notification that a possible CSRF attack against the Magento admin interface has surfaced. I thought I would take this opportunity to give a quick overview of CSRF (cross-site request forgery) attacks, particularly how they work against web administration panels such as Magento, and ways to protect Magento and other web applications from these sorts of attacks.

The CSRF Basics

The easiest way to explain the attack is to think about what is happening under the hood when you are navigating a web page. Your browser makes requests to the remote server for content, and to manipulate data stored on the server. In a strict RESTful approach to web applications, your browser will make GET requests when you are reading information and POST or PUT requests when you are creating or updating information.


I was recently asked for help on a Google Checkout problem where the Google Checkout Button on the Magento cart page was disabled with a message saying: “Not available with these items“.

I had a look at the Magento store in question and found a few clues to go on, but a Google search on the subject proved to be of little help, unfortunately. The button looks like the one shown in the screenshot below:

The disabled Google Checkout button on the Magento cart/checkout screen. It looks like the normal one only greyed out.


The underlying URL for the button is:

 <img src="https://checkout.google.com/buttons/checkout.gif?merchant_id=5677186919&amp;w=180&amp;h=46&amp;style=white&amp;variant=disabled&amp;loc=en_US" alt="Fast checkout through Google" />

The big clue was the parameter on the Google Checkout button image URL on the problem store. It had variant=disabled which is generated server side, and so had to be coming from somewhere within Magento. A big fat grep over the code uncovered a variant=' string fragment in Link.php.


I have recently put together a simple little Magento review and design showcase site called Magento Parade. It’s a chance for Magento designers and developers to check out stunning stores and get inspiration. For designers and developers with innovative ecommerce stores it’s a great chance to get some feedback on your stores and see how they are rated by your peers.

Screenshot from Magento Parade

I’ll be periodically adding a review and seeking feedback from other developers and designers. If you have a Magento store you think is pretty special, then suggest your store for review in the showcase.

I’m also really keen to try and find some guest reviewers to offer their expert feedback on the showcase stores. If you have specialty knowledge in ecommerce SEO, or web marketing and would be keen to offer some tips or advice, please get in touch with me to discuss.