Issue #26: March 24, 2003
By Harald Ponce de Leon
March 24, 2003
Live Discussions Offline
Security And Privacy Proposal Updates
New File Upload Class
Contributions Added/Updated In The Last 3 Days
Live Discussions Offline
The IRC based Live Discussions section on the support site has been taken down due to the activities there remaining unmonitored.
The original intention of the section was to provide a way to chat with project developers on special events and occasions.
The Live Discussions section will from now on be brought online for the duration of the special events when they occur.
Security And Privacy Proposal Updates
Two key features of the Security and Privacy Proposal were realized and are now in CVS.
Gary Burton has put together logic that prevents session IDs from appearing in the URL for search engine spiders. It has been applied and, when enabled, is active when the force cookie usage feature is disabled.
The session ID generated for customers upon entering the online store is now regenerated when the customer either logs in or creates an account. This feature only works when both HTTP and HTTPS servers share the same top level domain, and when PHP 4.1 or greater is in use, due to the session cookie having to be reset.
Ross Lapkoff and Marcel van Lieshout have finished their version of the Security and Privacy Proposal designed for shared SSL certificate servers, or for servers where the top level domains differ for HTTP and HTTPS servers. The work involved here will be reviewed and discussed to see how it can be implemented into the proposal realization.
Henri Schmidhuber has also worked on the proposal, realizing the customer IP Address and Browser User Agent verification features. The work involved here will also be looked into to see how it can be implemented into the proposal realization.
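The two session protections described above (regenerating the session ID when the customer logs in or creates an account, and verifying the customer's IP address and browser user agent), sketched as an added example. It is a language-neutral in-memory model in Python, not the project's PHP code; the class and method names and all sample values are assumptions made for illustration.

```python
import secrets


class SessionStore:
    """In-memory session table keyed by session ID (hypothetical model)."""

    def __init__(self):
        self._sessions = {}

    def start(self, ip, user_agent):
        """Issue an anonymous session bound to the client's IP and User-Agent."""
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"customer": None, "ip": ip, "ua": user_agent, "cart": []}
        return sid

    def load(self, sid, ip, user_agent):
        """Return the session only if the ID exists and IP and User-Agent match."""
        data = self._sessions.get(sid)
        if data is None or (data["ip"], data["ua"]) != (ip, user_agent):
            return None
        return data

    def login(self, old_sid, customer, ip, user_agent):
        """Move the session to a fresh ID at login and invalidate the old ID."""
        data = self.load(old_sid, ip, user_agent)
        if data is None:
            return None
        del self._sessions[old_sid]        # an ID known before login stops working
        new_sid = secrets.token_hex(16)
        data["customer"] = customer
        self._sessions[new_sid] = data     # cart and other state carry over
        return new_sid


def demo():
    """Walk one customer through browsing and login (constructed sample values)."""
    store, ip, ua = SessionStore(), "192.0.2.10", "ExampleBrowser/1.0"
    pre = store.start(ip, ua)
    store.load(pre, ip, ua)["cart"].append("product-42")
    post = store.login(pre, "customer@example.com", ip, ua)
    return {
        "id_changed": post != pre,
        "old_id_valid": store.load(pre, ip, ua) is not None,
        "cart_kept": store.load(post, ip, ua)["cart"] == ["product-42"],
        "other_client_accepted": store.load(post, "198.51.100.7", "OtherAgent/2.0") is not None,
    }


if __name__ == "__main__":
    print(demo())
```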
New File Upload Class
A new file upload class has been introduced on the Administration Tool, which simplifies how uploaded files are processed in the logic used.
The class is self-contained and can process a file by storing it on the server, assigning file permissions, and verifying the extension for security purposes, all with one line of code.
Plans are being made to update the class so that it eases the process of uploading category and product images by walking down the directory tree where the image is to be stored, automatically creating non-existing directories along the way.
Contributions Added/Updated In The Last 3 Days
Sales Report 2
Easy Populate
Multi Pickup (MS1)
whos_online with country and flag
Egipsy
Ship 2 Pay v1.0 (MS1)
Ship In Cart (MS1)
AdminLogin-0.0.5
Recommendations (MS1)
send_order_html_email_v1
Down for Maintenance v1.0
coolMenu
SecureHosting