Shopping Cart Software

Shopping Cart Software UK Customised Version of ClickCartPro XCS
Free Trial Version

We offer a 15 day free trial version to new customers.

practical web magazine logo
"ClickCartPro is one of the best; it combines a broad-based backend with a relatively straightforward Web-based administration system. Best of all, it scales with your needs, allowing database integration for advanced inventory and accounts control, and providing seamless access to all the UK's major online payment processing services"

Customer Feedback

"CCP6 is fantastic, and I'm really enjoying working with it."
- Forum User QMStores

"I don't think I've ever been through a website install process that was as painless as this one."
- Forum User C3Motorsport

"I never ever expected all this... That's all I can say. (After installing CCP6)"
- Forum User davediamond


Security

Transmission Encryption

ClickCartPro is capable of running under the Secure Sockets Layer (SSL) protocol with encryption keys of any length. Kryptronic recommends using a minimum 128-bit encryption key when accepting credit cards online. The software can use a shared or dedicated SSL certificate from a Certificate Authority (CA) such as Verisign, Thawte, Equifax, etc. When using offline credit card processing, it is recommended that the entire administrator application be run under SSL. If the software is accepting credit card or check information online using either a realtime processing gateway or an offline method, the payment information entry screen will be displayed under SSL.

Data Protection

It is highly recommended that the private directory supplied with the program be installed so that it cannot be browsed via the web. Users who will be running this package on Apache webserver with .htaccess file protection enabled can choose to place this directory in the same location as the web-accessible portion of their site. .htaccess files are provided with the directory to ensure that browsing via the web is not allowed. For users with Windows servers, or for those not running Apache webserver, it is highly recommended that the data directory be stored in a non-web-accessible portion of the webserver account.

Data Encryption

This program encrypts sensitive data before it is stored in database tables using an HCE_MD5 encryption module. This module implements a chaining block cipher using a one-way hash with two keys. One key is established within the codebase and the other is unique to each installation. This method of encryption is the same as that used by RADIUS (RFC 2138). All encrypted data is MIME Base64 encoded for transport. Information that is encrypted and/or MD5 hashed includes (but is not limited to): user passwords, processor transaction keys, processor passwords, realtime shipper passwords and payment information.
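The chaining construction referenced above, written out as an added example that follows RFC 2138 section 5.2 (User-Password hiding); it is not the product's HCE_MD5 module. The names `secret` and `authenticator` are the RFC's two inputs and stand in for the page's two keys as an assumption, and all sample values are constructed. The construction provides confidentiality only: nothing in it detects a modified ciphertext.

```python
import base64
import hashlib

BLOCK = 16  # MD5 digest length; the scheme works on 16-byte blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide(plaintext: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """c_i = p_i XOR MD5(secret + c_(i-1)), with c_0 = authenticator."""
    if b"\x00" in plaintext:
        raise ValueError("NUL bytes collide with the NUL padding")
    # Pad with NULs to a multiple of 16 bytes, minimum one block.
    padded = plaintext + b"\x00" * (-len(plaintext) % BLOCK) or b"\x00" * BLOCK
    out, prev = [], authenticator
    for i in range(0, len(padded), BLOCK):
        keystream = hashlib.md5(secret + prev).digest()
        prev = _xor(padded[i:i + BLOCK], keystream)  # ciphertext block feeds the next hash
        out.append(prev)
    return b"".join(out)


def reveal(ciphertext: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide(); strips the NUL padding."""
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext must be a non-empty multiple of 16 bytes")
    out, prev = [], authenticator
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(block, hashlib.md5(secret + prev).digest()))
        prev = block
    return b"".join(out).rstrip(b"\x00")


def to_transport(ciphertext: bytes) -> str:
    """Base64 text form, as the page describes for stored values."""
    return base64.b64encode(ciphertext).decode("ascii")


def from_transport(text: str) -> bytes:
    return base64.b64decode(text, validate=True)


if __name__ == "__main__":
    secret = b"constructed-secret"          # constructed sample key
    authenticator = bytes(range(16))        # constructed 16-byte second input
    stored = to_transport(hide(b"constructed-gateway-password", secret, authenticator))
    print(stored, reveal(from_transport(stored), secret, authenticator))
```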

Management Interface

The web-based Kryptronic Hybrid X Core (KHXC) management interface is protected by several security modules. To gain access to the management interface, a user must provide a valid username and password, which are matched against stored data. If a user is allowed to gain access to the interface, they are presented with functions based on the access level associated with the username they provided at login. The access level and username/password are granted by a 'superuser' level user. With each new request issued by the user, their login status is validated based on their active username, a session ID unique to each request and their IP address.
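The per-request check described above, sketched as an added example that is not KHXC code: each valid request is matched on username, session ID and IP address, and the session ID is replaced so that a replayed ID fails. The class name `SessionStore`, the in-memory dictionary and the one-session-per-user simplification are assumptions; the addresses are constructed documentation ranges.

```python
import hmac
import secrets


class SessionStore:
    """Hypothetical store: one active session per username, kept in memory."""

    def __init__(self):
        self._sessions = {}  # username -> (session_id, ip_address)

    def login(self, username: str, ip: str) -> str:
        """Call only after the password check has succeeded."""
        session_id = secrets.token_urlsafe(32)
        self._sessions[username] = (session_id, ip)
        return session_id

    def validate(self, username: str, session_id: str, ip: str):
        """Return the next session ID if the request is valid, else None."""
        record = self._sessions.get(username)
        if record is None:
            return None
        expected_id, expected_ip = record
        # Constant-time comparison of the secret value; the IP is not secret.
        id_ok = hmac.compare_digest(expected_id.encode(), session_id.encode())
        if not (id_ok and ip == expected_ip):
            return None
        # Rotate: the ID just presented is never accepted again.
        next_id = secrets.token_urlsafe(32)
        self._sessions[username] = (next_id, ip)
        return next_id

    def logout(self, username: str) -> None:
        self._sessions.pop(username, None)


if __name__ == "__main__":
    store = SessionStore()
    first = store.login("admin", "203.0.113.10")
    second = store.validate("admin", first, "203.0.113.10")
    print("rotated:", second is not None and second != first)
    print("replay accepted:", store.validate("admin", first, "203.0.113.10") is not None)
```

Binding a session to one IP address also rejects legitimate users whose address changes between requests, for example behind a rotating proxy.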

Order Processing

As mentioned above, SSL with encryption is recommended for all transactions where payment information is collected. For most processing gateways, SSL is a requirement if payment information (credit card numbers, CVV2 codes, ABA routing numbers and bank account numbers) is passed to the gateway. The most secure methods of interaction with processing gateways are ones that use behind-the-scenes connections to process transactions. Authorize.net's AIM interface is an example. For processing under an AIM type interface, the cURL extension to PHP is used. cURL allows two SSL servers to communicate freely in the background.

A Note About Passwords

Because the management interface is accessible via the Internet, choosing a good password is of great importance. Some tips for creating a good password are:

- Change all of your various passwords at a reasonable frequency (at least twice a year).
- Use alphanumeric (letters and numbers) passwords that are at least 8 characters long.
- Use a combination of two of the following: letters, numbers, uppercase, lowercase, or symbols.
- Do not use the same password on multiple systems.
- Do not use a password that includes your name or any information about yourself that is easily available to others.
- Do not use words that are found in the dictionary in your password.

GreenbarnWeb.com © 2001 - 2017 | Privacy Policy | Terms of Use