By Garrett Blanton posted on Wednesday, March 10, 2010 @ 1:54 PM - (How To's)
JVF Consulting takes great pride in making sure all of our websites are secure when they’re deployed. Visitors to your website should not be able to browse or download files they’re not supposed to. For those of you with Apache servers who haven’t disabled index browsing these steps will help protect your files from being exposed to the public. When you deploy a website on an Apache server, it can be vulnerable unless you protect it by applying the most basic security feature, disabling directory browsing. To disable directory browsing in apache web server you need to edit the .htaccess file located in the root directory.
To disable directory browsing using .htaccess first locate and open the htaccess file. If you do not see a line that says Options –Indexes, create a new line and add it. Once the file is saved and uploaded your website is now secure.
For those of you who have cPanel installed on their hosting environment, first login to your cPanel dashboard. Next, click on Index Manager. From there you will be taken to a directory list. Click on the directory name which you want to disable. Select the No Indexing box, and click Save. The directory browsing feature is now disabled.
This simple 5 minute step of precaution could save you hours of hard work if your server was ever compromised. Here is an example of the 404 page you will be redirected to if you setup the htaccess file correctly.
By Jason Franco posted on Friday, February 19, 2010 @ 11:26 AM - (How To's)
The following is a guide for those folks that want to setup a proper development environment for building out a Magneto cart on your local windows box. I’m one of those old school developers that like’s to have a multi-phased approach when it comes to developing, testing and deploying a website. The first step of this process is to get your local windows development box setup to properly run the MySQL Database, the Apache Web server and most importantly trick your machine into believing it’s the actual server that hosts the domain.
Now, we’ve checked online and seen a bunch of places saying that this is not possible and to have Magento working on a Windows box and that you need to install Ubuntu to get this working. This couldn’t be farther from the truth and just adds unneeded complexity. So let’s keep it as simple as possible.
Download the XAMPP from Apache Friends: http://www.apachefriends.org/en/xampp-windows.html. We’re currently using XAMPP Version 1.6.6a, however, feel free to use the latest. Which has some differences and some Apache/MySQL extensions turned on default, but it will all work the same.
It’s a very simple install and you can follow the instructions without really changing any of the defaults. However, for the sake of this document, we’ll change the install directory to the use the original settings that XAMPP used to come with and install to:
C:\apachefriends\xampp
Once XAMPP is installed, we’ll need to setup our environment to handle multiple site development as well as for properly running Magento. We’re a web development shop, so we find that we need to work on multiple sites as once to properly support our customers.
For the purpose of this document, we’ll be building out a website for CleanEase.
Navigate out to your “C:\apachefriends\xampp\htdocs” directory and create the new “cleanease” folder:
We’ll then need to make sure that both the Apache & MySQL environments are setup for what Magento needs.
MySQL
We’ll need to edit the configuration files to support the InnoDB transactional storage engine otherwise you’ll get nowhere fast. Navigate out to your local my.cnf file found at: C:\apachefriends\xampp\mysql\bin\my.cnf. Open this up into your text editor of choice and make sure that the InnoDB settings are not commented out. It should looks something like this:
# Comment the following if you are using InnoDB tables #skip-innodb innodb_data_home_dir = "C:/apachefriends/xampp/mysql/" innodb_data_file_path = ibdata1:10M:autoextend innodb_log_group_home_dir = "C:/apachefriends/xampp/mysql/" innodb_log_arch_dir = "C:/apachefriends/xampp/mysql/" ## You can set .._buffer_pool_size up to 50 - 80 % ## of RAM but beware of setting memory usage too high innodb_buffer_pool_size = 16M innodb_additional_mem_pool_size = 2M ## Set .._log_file_size to 25 % of buffer pool size innodb_log_file_size = 5M innodb_log_buffer_size = 8M innodb_flush_log_at_trx_commit = 1 innodb_lock_wait_timeout = 50
Make sure that the “skip-innodb” line is commented out, but all the other settings can use the defaults that are already specified. Save and close the file.
We usually have MySQL installed as a service, so get into your Services Control Panel and restart it:
Apache
Configuring the php.ini file
We’ll need to enable a few extensions for Magento to work properly. To do this, open up your php.ini file. The version of XAMPP we use (Version 1.6.6a ) has two php.ini files, however, the one that is really used by the web server is found in the Apache bin directory:
C:\apachefriends\xampp\apache\bin\php.ini
Note: On the newer version of XAMPP, we’ve found that they’ve finally cleaned things up and only have one php.ini file found in C:\apachefriends\xampp\php\php.ini. So please make sure to update this file.
Make sure the following extensions are active. Meaning, that you just need to remove the “;” (semi-colon) character out from in front of it:
IMPORTANT: This is the best way to go about installing a local version of Magento on your box and will allow you to easily deploy this out to your production environment without having to jump through a bunch of extra hoops.
We usually have Apache installed as a service, so get into your Services Control Panel and restart it:
Next, go out and download Magento, you can find the No Registration download page here: http://www.magentocommerce.com/download/noregister. Make sure to get the “Full Release - stable version” download and don’t mess around with the other ones, I’ve found that they just lead you down the wrong path and take far too long for an install process. For this document, we’re using version 1.3.2.4, which we downloaded on 2/10/2010 and now I see another version 1.4.0.0 as of 2/12/2010. Why do these guys put out so many releases so quickly?
Once this is downloaded, you’ll want to exact the zip file into the CleanEase folder: C:\apachefriends\xampp\htdocs\cleanease.
As you can see from the files in the zip, it will still extract them to a “magento” folder, so we’ll just need to move all of those files one level up:
Setting up your “hosts” file
This is the most IMPORTANT step throughout all of this process. Without this step, the cookies of the Magento install will not work properly and the database will not properly install when going through the Magento setup.
You can find your local “hosts” file in the following location:
C:\WINDOWS\system32\drivers\etc\hosts
There is no file extension, but you can easily open this in Notepad or any text editor.
Make sure to add the following domain entry to point to your localhost IP address:
127.0.0.1 www.cleanease.com
It’ll look something like this:
Save the file
Create an empty database called “cleanease” within your phpMyAdmin instance:
Now that you’ve done all the setup, it’s now time to hit your local instance via your favorite web browser to start the Magento Installation Wizard. Open up the www.cleanease.com website in your browser, and if you did all the above setup correctly, you’ll see the first part of the Magento installation screen:
Feel free to use the default settings for the Localization:
Make sure to enter in the “cleanease” database name, check also check the following:
Skip Base URL validation before next step
Use Web Server (Apache) Rewrites
This part of the process will take a bit of time as its building out the database and setting up your environment. However, if all works well, it will take to the final step of the wizard to create the administrator user:
Once you get through this portion, it will ask you if you want to go visit the frontend or login to the backend. Feel free to login to the backend to start setting things up. A few things to note:
You can always use a different domain, it would be best to use the one you wish to ultimately install to.
In addition, you can use any database name or directory name you wish, but just make sure you use ones that are consistent with the domain name so you can easily track them.
Make sure to edit your httpd.conf file, specifically the DocumentRoot value to the directory you wish to run your other Magento instances.
Now that we’ve got this process down, we can finally use proven development techniques to get our websites looking exactly the way our clients want on our local boxes before we move them to production.
By Garrett Blanton posted on Wednesday, August 20, 2008 @ 2:36 PM - (Tips & Tricks)
Lend-A-Check Continues to Set Higher Standards
Lend-A-Check has been serving the financial needs of Northern Nevadans since 1993. Always striving to meet the changing needs of their customers, Lend-A-Check realized they needed a faster, more reliable website with the latest encryption available to ensure that its customers data is safe and secure. The original software was originally built with a form of encryption that was not up to par with the standard of today. The software company the built their infrastructure would not return phone calls, make minor changes, or would even return phone calls. This was the last straw for Lend-A-Check and they began their search for a new business solution. This is where JVF Consulting stepped in.
Once we gained access to their current software we were able to assess the issue and set forth a game plan that would put Lend-A-Check back on the right track. The first step was building out a new server. In this case Apache Tomcat was implemented along with Java Servlet (JSP) technology. This technology utilizes the rapid development of web-based applications that are server and platform independent. Once the new server was functioning correctly we then deployed the latest in encryption 256-bit.
Encryption is the process of transforming information to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process makes the users information unreadable to all.
Lend-A-Check continues to set higher standards with the services they provide, and the manner in which they offer them. JVF Consulting is here to help your company exceed its customers expectations with encryption technology. Contact us anytime to learn about our business solutions and services.
