Enhancing site security
To enhance the security of your WebSphere Commerce site, you can enable various features in Configuration Manager.
- Log off a user who has been inactive for an extended period and request that they log back on to the system, using the Login Timeout node.
- Require users to change their passwords when they are logging in to the system for the first time, using the Password Invalidation node.
- Require users to enter their passwords when they submit requests that run designated commands, using the Password Protected Commands node.
- Update encrypted data, such as passwords and credit card information, as well as the merchant key, in a WebSphere Commerce database, using the Database Update Tool node.
- Reject any user request that contains attributes or characters that are designated as not allowed, using the Cross Site Scripting Protection node.
- Quickly identify any security threats against WebSphere Commerce by enabling access logging.
In addition, you can enable the following features from the Security menu in the Administration Console:
- Set up an account policy for your site to define the account-related policies in use, using the Account policy page.
- Set up a password policy for your site to control users' password selection characteristics, using the Password policy page (only if users are authenticated against the WebSphere Commerce database).
- Set up an account lockout policy for your site to reduce the chances of a user account being compromised, using the Account lockout policy page (only if users are authenticated against the WebSphere Commerce database).
Related tasks
Enabling password invalidation
Enabling access logging
Enabling cross-site scripting protection
Enabling login timeout
Enabling password-protected commands
Set up a password policy
Set up an account lockout policy
Set up an account policy
Updating encrypted data using Configuration Manager