I am a web designer setting up an online store for two of your customers.[nbsp][nbsp]I am using the software Online Merchant.[nbsp][nbsp]There is an info sheet that needs to be filled out by the web host.[nbsp][nbsp]It asks questions about the exact location of certain folders on the server, questions I cannot answer.[nbsp][nbsp]I need this to be completed before I can set anything up.[nbsp][nbsp]I can fax it to you to complete or I can call when someone is available to answer the questions.[nbsp][nbsp]Which ever is better. You can view this document online by going to http://www.onlinemerchant.com choose support, it is the ISP set up sheet.[nbsp][nbsp]Please let me know the best way to proceed.
Thanks,

Ami

Just curious as to whether this is the Online Merchant Standard Edition or the Commerce edition?

I noticed that the ISP info sheet does not ask any questions about SSL and its directory locations. Although the Website claims that the product is "secure," the standard installation method does not use the https protocol so that all customer provided credit card information is sent unprotected to the server. In addition, the Standard edition only supports emailing the orders and does this by sending the credit card information in plain text! These facts do not support their "secure" claim.

Rich

This is the standard edition.[nbsp][nbsp]Interesting points you made.[nbsp][nbsp]Does it make any difference that both stores will be placed in the secure folder on the server?[nbsp][nbsp]This software would not have been my choice, I have advised my clients of this fact.[nbsp][nbsp]However, they have both chosen a low end product to test the waters of e-commerce.[nbsp][nbsp]Any way to tweak Online Merchant to make it more secure?

Does it make any difference that both stores will be placed in the secure folder on the server?
If the site has been SSL-enabled and you place the installation in the secure directories, then the https protocol can be used to provide secure transactions between the customer and the server. However, the plain text email is still a huge security hole.
Any way to tweak Online Merchant to make it more secure?
Yes. (1) Upgrade the Standard edition to the Commerce edition ($49), (2) Install so that SSL is enabled for transactions, and (3) Turn off the e-mail feature and use either the E-Commerce Exchange or Authorize.Net payment services that the Commerce version supports.

Rich