
A simple way to password protect your Magento store

This post will describe a simple technique to secure your Magento virtual host with basic HTTP password protection provided by Apache. This can be useful if you want to keep users away from the webstore during development, or if you sell products wholesale and do not want unauthorized users to view your catalog/pricing.

To be very clear from the outset, this technique uses basic HTTP authentication, which, if used over HTTP rather than HTTPS, sends the username and password across the internet in a form (base64) that anyone on the path can trivially decode, so it affords them no protection in transit. If you are interested, you can learn more about the limitations of basic access authentication. As a simple mechanism for keeping people out of a site, it will do just fine. If you store your nuclear missile access codes in a Magento store database, do not use this technique to protect them, please.

Normally when I’m developing a new site I just use virtual hosting and a modified operating system hosts file to prevent people visiting it while it’s in development. I realize that’s not really security, more obscurity, but it has worked fine for me in the past.

Recently I have had a need to more fully protect a site, but also to make it public via DNS records. In a nutshell, the steps required are:

  1. Configure virtual hosting for your webstore.
  2. Configure Apache authentication.
  3. Set up a user/password.
  4. Reload Apache.

I’ll run through everything in detail below.
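The four steps above, as an added example of a complete virtual host rather than configuration from the original post: the hostname, document root, certificate paths and password-file location are assumptions, and the plain-HTTP host redirects to HTTPS so the credentials are not sent in the clear, as the caveat earlier in the post recommends.

```apache
# Added example (not from the original post). Assumed paths and hostname;
# adjust to your server.
#
# Create the password file outside the document root first; -c creates the
# file and is only needed for the first user:
#   htpasswd -c /etc/apache2/magento.htpasswd wholesale
#
# Plain HTTP host: basic-auth credentials would travel base64-encoded, not
# encrypted, so every request is sent to the HTTPS host instead.
<VirtualHost *:80>
    ServerName store.example.com
    Redirect permanent / https://store.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName store.example.com
    DocumentRoot /var/www/magento

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/store.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/store.example.com.key

    <Directory /var/www/magento>
        # Magento ships its own .htaccess rewrite rules, so allow overrides
        AllowOverride All
        Options FollowSymLinks

        # Basic authentication for the whole store: every URL under the
        # document root now requires a user from the htpasswd file
        AuthType Basic
        AuthName "Magento store - authorised users only"
        AuthUserFile /etc/apache2/magento.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
```

After `apachectl configtest` passes, reload with `apachectl graceful`; a quick check is `curl -I https://store.example.com/`, which should return `401 Unauthorized` without credentials and `200 OK` once `-u wholesale` is added.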


How to use the MAMP Mysql command line client in a terminal

Coming from a Linux background, one of the things I didn’t like about MAMP was the way it hid away the mysql command line interface. Once you are comfortable using it, the CLI is a powerful and quick method of interacting with a mysql server. I just wanted to share a quick and easy way to access the MAMP mysql command line client on Mac OS X.

Firstly, you can open the Mac OS X Terminal easily by just typing:

ctrl + space bar (to access spotlight)

Then start typing ‘Terminal’; before you have even finished, the little Apple gnomes will have guessed you want to open the Terminal (which of course you do). Start the Terminal by hitting enter when Spotlight highlights the Terminal app.

Now that you are in a Terminal you are able to do all sorts of excellent things to your Mac. For now though, we’ll stick to running the mysql client. The client is located in /Applications/MAMP/Library/bin so to run it execute this command:

/Applications/MAMP/Library/bin/mysql -uroot -p



Top 3 Solutions when your Magento Categories are not displaying

Here are 3 quick solutions to try if you do not see your Magento store categories after a fresh install of Magento or an upgrade to the latest version. I wanted to post this because I just recently helped install Magento for someone (one of my 5 free Magento installations) and experienced this. The installation version was the latest Magento version, 1.2.1.2, and product categories did not show up on the frontend after they were added in the administration interface.

The top 3 solutions to this in my experience are:

  1. The categories were not added as sub-categories of the Default Root category.
  2. The Magento store configuration has no default category set.
  3. The category cache requires a refresh.

I’ll cover each of these points in more detail with screenshots, so that if you are having trouble with your categories not showing up you can hopefully solve the problem.



Magento CSRF attack: A Simple Explanation

Everyone with a Magento store will recently have seen the notification that a possible CSRF attack against the Magento admin interface has surfaced. I thought I would take this opportunity to give a quick overview of CSRF (Cross-Site Request Forgery) attacks, particularly how they work against web administration panels such as Magento’s, and ways to protect Magento and other web applications from these sorts of attacks.

The CSRF Basics

The easiest way to explain the attack is to think about what is happening under the hood when you are navigating a web page. Your browser makes requests to the remote server for content, and to manipulate data stored on the server. In a strict RESTful approach to web applications, your browser will make GET requests when you are reading information and POST or PUT requests when you are creating or updating information.



Google Checkout disabled – Not available with these items

I was recently asked for help on a Google Checkout problem where the Google Checkout button on the Magento cart page was disabled with a message saying: “Not available with these items”.

I had a look at the Magento store in question and found a few clues to go on, but a Google search on the subject proved to be of little help unfortunately. The button looks like the one shown in the screenshot below:

The disabled Google Checkout button on the Magento cart/checkout screen. It looks like the normal one only greyed out.

The underlying URL for the button is:

<img src="https://checkout.google.com/buttons/checkout.gif?merchant_id=5677186919&amp;w=180&amp;h=46&amp;style=white&amp;variant=disabled&amp;loc=en_US" alt="Fast checkout through Google" />

The big clue was the parameter on the Google Checkout button image URL on the problem store. It had variant=disabled, which is generated server side and so had to be coming from somewhere within Magento. A big fat grep over the code uncovered a variant=' string fragment in Link.php.
