osCommerce with WebMatrix – the easiest way

Microsoft gives away great tools for free, among them WebMatrix, which can help you develop, test, and publish various kinds of sites. It comes with dozens of templates, but a few are still missing. If you accept some inconveniences, such as missing IntelliSense, this gap can be bridged easily, for example to run osCommerce locally.

Select Templates

Launch WebMatrix
Click Templates.

Select PHP and an Empty Site template; if some software is required, WebMatrix will download and install it for you.
Go to the Databases tab, right-click your website name, select New MySQL Database, and create one.

Create new MySQL database

Launch your favorite file manager and copy all the files needed for the osCommerce installation to the newly created site's virtual directory. With default settings that should be C:\Users\[UserName]\Documents\My Web Sites\[your site name]\
Open the created web.config file and grab the user name and password for the MySQL database.

        <add connectionString="server=localhost;uid=commerceUleeq;pwd=Q+8X_Nl]l!B#;Database=commerce" name="commerce" providerName="MySql.Data.MySqlClient" />

From that line, the user name is “commerceUleeq” and the password is “Q+8X_Nl]l!B#”.
Launch your site from WebMatrix.
You can finish your osCommerce installation and do whatever you want…


Relics from the past – they are still out there

Many years ago, when the World Wide Web was relatively young and many people were optimistic about security, a lot of webpages were created with the kind of security features which these days are simply hilarious. Many of those pages are still out there, still working, and giving a false sense of hope about security…

A few days ago I found a webpage which is one of those old relics. I was a bit curious, so I hit the F12 button in my browser to see what is under the hood.
I found this:

  <p>Login name : 
    <input type="text" name="text2">
<p> Password :
<input type="password" name="text1">
  <input type="button" value="Log in!" name="Submit" onclick=javascript:validate(text2.value,"User",text1.value,"123456") >
<p>You need to log in to see the Honey Pot! </p>

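And a few lines lower there was a script block:

function validate(text1,text2,text3,text4) {
	// compares the typed name and password with the literals passed from the onclick handler
	if (text1==text2 && text3==text4) { /* body not shown on the page */ }
}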

Well, basic HTML and JavaScript don’t offer much to secure a site, but that code really does nothing at all; it is just a waste of lines. Both values being compared, the expected login name and the expected password, are written as literals in the onclick attribute, so anyone who views the page source can read them. Many webpages out there still use this kind of technique, giving a false sense of security. In 2013, it’s not too hard to replace such code with code which provides more security. This kind of “security” is penetrable for everyone over age 2.5.
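One way to replace the check above, as an added example that is not code from the page in question: the comparison moves to the server (Node.js here), which stores only a salted scrypt hash, so nothing secret appears in the HTML sent to the browser. The account store, the sample passphrase, the form field names and the function names are constructed for illustration.

```javascript
// Added example: server-side replacement for the client-side validate() check.
const { scryptSync, randomBytes, timingSafeEqual } = require("crypto");

const KEY_LEN = 32;

// Store only a per-user random salt and the scrypt-derived hash, never the password.
function createUserRecord(password) {
  const salt = randomBytes(16);
  return { salt, hash: scryptSync(password, salt, KEY_LEN) };
}

// Constructed sample account store (hypothetical; a real site would use a database).
const users = new Map([
  ["User", createUserRecord("constructed-sample-passphrase")],
]);

// Dummy record so an unknown login name costs the same work as a known one.
const dummyRecord = createUserRecord(randomBytes(16).toString("hex"));

// Runs on the server: the browser only submits the name and the password.
function verifyLogin(store, name, password) {
  if (typeof name !== "string" || typeof password !== "string") return false;
  const record = store.get(name) || dummyRecord;
  const candidate = scryptSync(password, record.salt, KEY_LEN);
  // Constant-time comparison of two equal-length buffers.
  const match = timingSafeEqual(candidate, record.hash);
  return match && store.has(name);
}

// The form sent to the browser: no expected values, no comparison logic.
function loginFormHtml() {
  return [
    '<form method="post" action="/login">',
    '  <p>Login name: <input type="text" name="username"></p>',
    '  <p>Password: <input type="password" name="password"></p>',
    '  <p><input type="submit" value="Log in!"></p>',
    "</form>",
  ].join("\n");
}
```

The form should only ever be served and submitted over HTTPS, since the password now travels to the server.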

Actually, it is easy to find much worse things. A few days ago, my colleagues and I checked what a Jenkins page can reveal to us. The sight was terrible; actually it’s a kind of horror. There were our login names with our passwords in its source! Basically everybody who can access Jenkins can get the login and password information to gain access to others’ accounts… So, basically, after every check-in you should change your password…. :/