Security Information

Transmission Encryption


ClickCartPro can run under the Secure Sockets Layer (SSL) protocol with encryption keys of any length. Kryptronic recommends using a minimum 128-bit encryption key when accepting credit cards online. The software can use a shared or dedicated SSL certificate from a Certificate Authority (CA) such as Verisign, Thawte, Equifax, etc. When using offline credit card processing, it is recommended that the entire administrator application be run under SSL. If the software is accepting credit card or check information online using either a realtime processing gateway or an offline method, the payment information entry screen will be displayed under SSL.

Data Protection

It is highly recommended that the 'data' directory supplied with the program be installed so that it cannot be browsed via the web. Merchants running this package on the Apache web server with .htaccess file protection enabled can choose to place this directory in the same location as the web-accessible portion of their site. .htaccess files are provided with the directory to ensure that browsing via the web is not allowed. For owners with Windows servers, or for those not running the Apache web server, it is highly recommended that the data directory be stored in a non-web-accessible portion of the web server account.

Data Encryption

This program encrypts sensitive data before it is stored in database tables using an HCE_MD5 module. This module implements a chaining block cipher using a one-way hash with two keys. One key is established within the CGI code and the other is unique to each installation (or order). This method of encryption is the same as the one used by RADIUS (RFC 2138). All encrypted data is MIME Base64 encoded for transport. Information that is encrypted includes (but is not limited to): user passwords, processor transaction keys, processor passwords, realtime shipper passwords and payment information.
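The hash-chaining construction referred to above, shown as an added example that is not ClickCartPro or HCE_MD5 code: it implements the User-Password hiding scheme of RFC 2138 section 5.2 and Base64-encodes the result. Mapping the code-level key to the RFC's shared secret and the per-installation key to its 16-octet Request Authenticator is an assumption, as are the function names and sample keys.

```python
import base64
import hashlib

BLOCK = 16  # MD5 digest size; RFC 2138 works on 16-octet blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide(plaintext: bytes, fixed_key: bytes, install_key: bytes) -> str:
    """RFC 2138 section 5.2 hiding, Base64-encoded for transport.

    fixed_key stands in for the shared secret S and install_key for the
    Request Authenticator RA (this mapping is an assumption).
    """
    if not plaintext:
        raise ValueError("nothing to encrypt")
    # Pad with NULs to a whole number of 16-octet blocks.
    padded = plaintext + b"\x00" * (-len(plaintext) % BLOCK)
    prev, out = install_key, b""
    for i in range(0, len(padded), BLOCK):
        # Keystream block = MD5(S + previous ciphertext block);
        # the first block chains from RA instead.
        pad = hashlib.md5(fixed_key + prev).digest()
        prev = _xor(padded[i:i + BLOCK], pad)
        out += prev
    return base64.b64encode(out).decode("ascii")


def reveal(token: str, fixed_key: bytes, install_key: bytes) -> bytes:
    """Invert hide(); trailing NUL padding is stripped from the result."""
    raw = base64.b64decode(token, validate=True)
    if not raw or len(raw) % BLOCK:
        raise ValueError("ciphertext is not a whole number of 16-octet blocks")
    prev, out = install_key, b""
    for i in range(0, len(raw), BLOCK):
        pad = hashlib.md5(fixed_key + prev).digest()
        block = raw[i:i + BLOCK]
        out += _xor(block, pad)
        prev = block  # chain on the ciphertext, as the RFC specifies
    return out.rstrip(b"\x00")
```

The RFC construction provides confidentiality only and carries no integrity check, so decrypting with the wrong key returns bytes rather than an error.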

Administrator Utility

The web-based administrator utility is protected by several security modules. To gain access to the administrator, a user must provide a valid username and password, which are matched against stored data. If a user is allowed to gain access to the utility, they are presented with functions based on the access level associated with the username they provided at login. The access level and username/password are granted by a 'webmaster' level user. With each new request issued by the user, their login status is validated based on their active username, a session id unique to each request and their IP address.
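One way to implement the per-request check described above, as an added example that is not ClickCartPro code: the session id is replaced on every request and is accepted only with the same username and client IP address. The class name, method names and in-memory store are assumptions made for illustration.

```python
import hmac
import secrets


class AdminSessions:
    """Per-request session ids bound to a username and client IP."""

    def __init__(self):
        # username -> (session id expected on the next request, bound IP)
        self._live = {}

    def login(self, username: str, ip: str) -> str:
        # Call only after the username/password check has succeeded.
        sid = secrets.token_urlsafe(32)
        self._live[username] = (sid, ip)
        return sid

    def validate(self, username: str, sid: str, ip: str):
        """Return the id to use on the next request, or None if rejected."""
        record = self._live.get(username)
        if record is None:
            return None  # no active login for this username
        current, bound_ip = record
        # Constant-time comparison of the presented id with the expected one.
        id_ok = hmac.compare_digest(current.encode(), sid.encode())
        if not (id_ok and ip == bound_ip):
            return None  # stale or replayed id, or request from another address
        # Rotate: each id is accepted exactly once.
        nxt = secrets.token_urlsafe(32)
        self._live[username] = (nxt, bound_ip)
        return nxt
```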

Order Processing

As mentioned above, SSL with encryption is recommended for all transactions where payment information is collected. For most processing gateways, SSL is a requirement if payment information (credit card numbers, CVV2 codes, ABA routing numbers and bank account numbers) is passed to the gateway. The most secure methods of interaction with processing gateways are ones that use behind-the-scenes connections to process transactions. Authorize.net's AIM interface is an example. For processing under an AIM-type interface, several Perl modules must be installed on the server: Crypt::SSLeay, HTML::Parser, HTML::Tagset, IO::Socket::SSL, libnet, libwww-perl, MIME::Base64, Net_SSLeay and URI. These modules allow two SSL servers to communicate freely in the background.

A Note About Passwords

Because the administrator utility is accessible via the Internet, choosing a good password is of great importance. Some tips for creating a good password are: Change all of your various passwords at a reasonable frequency (at least twice a year). Use alphanumeric (letters and numbers) passwords that are at least 8 characters long. Use a combination of two of the following: letters, numbers, uppercase, lowercase, or symbols. Do not use the same password on multiple systems. Do not use a password that includes your name or any information about yourself that is easily available to others. Do not use words that are found in the dictionary in your password.

Greenbarnweb.Com © 2003 - 2006 • Privacy Policy • Terms Of Use

Disclaimer:
"All Kryptronic Software is copyrighted, trademarked, developed and licensed by Kryptronic, Inc. Kryptronic Software is distributed under license. Visit www.kryptronic.com for more information. European customized versions of Kryptronic Software are trademarked, distributed and supported by GreenBarnWeb (Greenbarn Consultants Ltd.)."