actinic ftp site not secure

    Hi, I hope someone can clear this up for me, I might be wrong.
    I have just uploaded our snapshot to Actinic support as we have an issue with Actinic payments that they are looking into.
    Once uploaded I noticed I can access any other snapshot on that server directory and download it. I did not download for obvious reasons but I could have if I wanted to.
    I spoke to support about this and they said at the end of each day they delete the snapshots from the server, but this gives me a whole day to download whatever I see fit.
    I pointed out that server permissions should be set for upload only and not download. Am I missing something here, or is Actinic not taking security very seriously?
    Wesley
    Treasure Island Sweets
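
An upload-only drop area of the kind the post above asks for, as an added example (not Actinic's configuration and not part of the original thread). The thread does not name the FTP server software, so vsftpd and a shared support login are assumptions, and the first fragment is a constructed illustration of the behaviour described.

```ini
# vsftpd.conf, constructed illustration; vsftpd is assumed, not named in the thread.

# --- Behaviour described above: shared support login, defaults left in place ---
# local_enable=YES
# write_enable=YES
# download_enable and dirlist_enable both default to YES, so anyone using
# the shared login can list the directory and fetch other customers' uploads.

# --- Upload-only drop area ---
anonymous_enable=NO
local_enable=YES
# Allow uploads (STOR) so customers can still send a snapshot.
write_enable=YES
# Refuse every download request (RETR).
download_enable=NO
# Refuse directory listings, so the names of other uploads are not disclosed.
dirlist_enable=NO
# Block delete, rename, directory removal and append on files already uploaded.
cmds_denied=DELE,RNFR,RNTO,RMD,APPE
# Uploaded files are created 0600 (the vsftpd default umask, pinned explicitly).
local_umask=077
```

Plain FTP still carries the login and the file in cleartext, and a shared login can overwrite a file whose name is known, so protecting the snapshot itself before upload, as the replies suggest, is still worthwhile.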

    #2
    I notice that this is the case too. Whilst not suggesting this is correct there are a number of things you could do...

    Put the snapshot on your own server and send them the link.
    Make a support snapshot which excludes sensitive data.
    Open the acd file with winzip7 and add a password to it - or place the snapshot in a password protected zip file.

      #3
      As Duncan says, you should be using the support snapshot and, rather than uploading to thief server, use an online service to transfer the snapshot.

        #4
        Originally posted by RuralWeb
        ... thief server...
        Freudian slip?

          #5
          Originally posted by drounding
          Freudian slip?
          lol
          that darned iPhone, eh?
          Tracey

            #6
            Sort your sausage fingers out Mal.

              #7
              Trying to type while walking the dog - doooh

                #8
                I also reported this to Actinic about 6 weeks ago, but in an email to keep it from the forum (for obvious reasons), and was told they would be putting a stop to it. Surprised nothing has been done; after all, it's easy enough to cut and paste to a different location after it is received.
                Chris Ashdown

                  #9
                  I now use WinRar to assign a password to the Zip file. Though even this still isn't a fully secure mechanism so a new, secure support ftp area is needed.

                    #10
                    This is inexcusable.
                    I too had reported this some weeks ago as we were in a position where both our own and a competitor's snapshot sat side by side.

                    Everyone’s suggestion on how best to protect their snapshots is welcome. However this level of advice should come from support directly as many users are unaware of the risks or how to protect themselves from them.
                    I liken this to our retail customers having to take responsibility for their own credit card security when paying.

                    Support snapshots are obviously beneficial but it is naïve to assume that the only merit in someone’s snapshot is their customers' database.


                    (that’s my support ticket on the back burner for another month)
                    Donna
                    ******************

                    Common sense is not that common.

                      #11
                      Originally posted by Donna
                      (that’s my support ticket on the back burner for another month)
                      You too?:P

                      This will hit those that are still breaking the law (re. PCI-DSS), nothing we can do about it until Actinic get their finger out, unfortunately.

                        #12
                        I understand this is a sensitive topic and it’s been brought to our notice a couple of times in the last few months. We are working on a solution for more secure transfer of files, likely to be a feature of the software, but in the meantime there are other options for sending files (most of which are mentioned in previous posts), and we would always recommend using a Support snapshot as well, which is in the Troubleshooting dialogue under the Help menu, and removes customer information.
                        Ben Popplestone
                        Ecommerce website software

                          #13
                          Support snapshots are not safe to send either in my opinion because they still contain your website network settings (which are often required for support). I ask my customers to either upload to a safe place on their server and give me details or to email via mailbigfile or similar services. I think that this is better.

                          Regards,
                          Jan Strassen, Mole End Software - Plugins and Reports for Actinic V4 to V11, Sellerdeck V11 to V2018, Sellerdeck Cloud