Archives For Web Development

Any general web development topics are covered here, ranging from ecommerce web stores, search engine optimisation or store optimization to framework discussion.

A simple way to password protect your Magento store

March 20, 2009 — 5 Comments

This post will describe a simple technique to secure your Magento virtual host with basic HTTP password protection provided by Apache. This can be useful if you want to keep users away from the webstore during development, or if you sell products wholesale and do not want unauthorized users to view your catalog/pricing.

To be very clear from the outset, this technique uses basic HTTP authentication, which if used over HTTP (rather than HTTPS) affords no security for the passwords while they are in transit across the internet. If you are interested, you can learn more about the limitations of basic access authentication. As a simple mechanism for keeping people out of a site, it will do just fine. If you store your nuclear missile access codes in a Magento store database, do not use this technique to protect them, please.

Normally when I’m developing a new site I just use virtual hosting and a modified operating system hosts file to prevent people visiting it while it’s in development. I realize that’s not really security, more obscurity, but it has worked fine for me in the past.

Recently I have had a need to more fully protect a site, but also to make it public via DNS records. In a nutshell the steps required are, configure virtual hosting for your webstore, configure Apache authentication, setup a user/password and reload apache. I’ll run through everything in detail below.
Continue Reading…

In Apache, Magento, Magento Installation, Web Development , , , , ,
permalink

Magento CSRF attack: A Simple Explanation

March 3, 2009 — Leave a comment

Everyone with a Magento store will recently have seen the notification that a possible CSRF attack against the Magento admin interface has surfaced. I thought I would take this opportunity to give a quick overview to CSRF(Cross-site request forgery) attacks, particularly how they work against web administration panels such as Magento and ways to protect Magento and other web applications from these sort of attacks.

The CSRF Basics

The easiest way to explain the attack is to think about what is happening under the hood when you are navigating a web page. You browser makes requests to the remote server for content, and to manipulate data stored on the server. In a strict RESTful approach to web applications, your browser will make GET requests when you are reading information and POST or PUT requests when you are creating or updating information.

Continue Reading…

In Magento, Web Development , , , ,
permalink

Google Checkout disabled – Not available with these items

February 28, 2009 — 14 Comments

I was recently asked for help on a Google Checkout problem where the Google Checkout Button on the Magento cart page was disabled with a message saying: “Not available with these items“.

I had a look at the Magento store in question and found a few clues to go on but a
Google search on the subject proved to be of little help unfortunately. The button looks like the one shown in the screenshot below:

The disabled Google Checkout button on the Magento cart/checkout screen. It looks like the normal one only greyed out.

The disabled Google Checkout button on the Magento cart/checkout screen. It looks like the normal one only greyed out.

The underlying URL for the button is:

 <img src="https://checkout.google.com/buttons/checkout.gif?merchant_id=5677186919&amp;w=180&amp;h=46&amp;style=white&amp;variant=disabled&amp;loc=en_US" alt="Fast checkout through Google" />

The big clue was the parameter on the Google Checkout button image URL on the problem store. It had variant=disabled which is generated server side, and so had to be coming from somewhere within Magento. A big fat grep over the code uncovered a variant=' string fragment in Link.php.

Continue Reading…

In Google Checkout, Magento, Magento Installation, Web Development , , , , ,
permalink

Magento Parade – A Magento Design Showcase

February 28, 2009 — Leave a comment

I have recently put together a simple little Magento review and design showcase site called Magento Parade. It’s a chance for Magento designers and developers to check out stunning stores and get inspiration. For designers and developers with innovative ecommerce stores it’s a great chance to get some feedback on your stores and see how they are rated by your peers.

Screenshot from Magento Parade

I’ll be periodically adding a review and seeking feedback from other developers and designers. If you have a magento store you think is pretty special then suggest your store for review in the showcase.

I’m also really keen to try and find some guest reviewers to offer their expert feedback on the showcase stores. If you have specialty knowledge in ecommerce SEO, or web marketing and would be keen to offer some tips or advice, please get in touch with me to discuss.

In Magento, Projects, Web Development , , , , , ,
permalink

5 Free Professional Magento Installations

February 24, 2009 — 10 Comments

The first 5 Magento Installations I do will be free! Whats the catch? You have to provide me a review of the work I do and my professional service in general that I can put on my blog for others to see. Simple eh?

I’ve decided to start offering Professional Magento Installations as a service, there is high demand for a well installed Magento. All too many people with not quite enough knowledge or skills are having a go at it then ending up with failed installations. I have helped a number of people on the Magento forums who for a small fee could have saved themselves hours of headaches and had the work done quickly by a professional.

My standard price will be $99, I see that Magento themselves charge $149 – so naturally I wanted to make my Magento Installation cheaper without cutting back on quality or timeliness. I will often be able to install same day, and usually install within 2 days.

Of course the price is ZERO right now for a limited time I’ll install your Magento for FREE, so if you are contemplating it, get in touch with me.

Because I haven’t offered any professional service on this blog before I thought I’d offer to do the first 5 Magento Installations free of charge to get some references from happy customers! So if you want your Magento installed for you by an expert, check out my professional services page. Be in quick, I’m sure this won’t last.

In Magento, Magento Installation, Services, Web Development , , , , , ,
permalink