Secure Order Page (SSL)
By default the store ships with settings to not enter orders in SSL secure mode. This is so that you don't need a secure certificate just to test the application. To turn on SSL operation you need to have a secure certificate installed on your Web server (check the Web Connection Security topic for details). Next set SecureOrderPage=On in WebStore.ini.

Administration Tasks
Security settings in the server application determine who can gain access to the Administration page. The most important setting in this respect is the Admin user flag in the WebStore.ini file, which is the username(s) of the user that has access to the Administration page. Use Any for any validated NT account or WCINI for the user setting stored in your wc.ini or one username or multiples in a comma delimited list.

In addition you should probably also protect the Admin Web directory by removing the IUSR_ account from the permissions and forcing a login to the admin page.

If you add additional mainenance requests to the wwStore application it's recommended that you use the convention started by the existing code:

• Use maint as the method prefix
  All Admin methods should have a maint prefix. For example, maintReindex, maintDownloadOrders etc.

• Add Login code
  All maintenance requests should prompt users for username and password info through Basic Authentication. This is easily done with this code:
  

  IF !THIS.Login(Config.cAdminUser)
     RETURN
  ENDIF   
  

  
  

Offline Reader
The offline viewer also requires configurations of several security settings including your username and password to access the server and which credit card providers. Use the Config option of that application's toolbar to set security settings which includes email server login information, credit card processing login info if any and passwords to connect to the remote site for invoice and product up and downloads.