2012

Move Magento Private Files Outside the Docroot

by Lloyd Hazlett in Magento

This week saw the inaugural Click Frenzy sale generate a huge amount of interest in Australian eCommerce, and we are proud to have been the developer responsible for delivering the website for the event based on a Magento platform.

The site stood up well after a challenging start on Tuesday evening, but there was a configuration issue with the webserver environment at one point which left a number of private application files exposed for some time. During this period the Magento directory was inadvertently left with directory listings on and without private directories and their contents protected from access. These private files being accessible did not result in a security breach of any kind, and there was never any sensitive personal data stored on any of the website's servers, but the cause of the disclosure does highlight a risk of Magento’s design. Currently, the entire application is designed to be located in the webserver’s document root (docroot). To address this risk and eliminate the possibility of a misconfiguration having this effect, the Magento application needs to be restructured to make it possible to relocate most parts outside of the docroot. This is an approach we’ll be adopting in future and which we document in this post. We also include an accompanying patch that we are releasing to the Magento community.


Fontis Westpac 2.1.5: Important Update

by Chris Norton in Announcements

We have just released an important update to the Fontis Westpac extension, which should be installed by all merchants using the PayWay service. The update includes a new Verisign certificate for the PayWay gateway which will be required in order to continue connecting to the gateway. Merchants who will be affected by this update should have already been contacted by Westpac.

In addition, we have added another small but often requested feature, and added in a credit card type selection box to the PayWay and QuickGateway settings pages in the Magento configuration. Merchants will now be able to easily configure whether they want to accept American Express, Discover and others.


RMA Feature Overview

by Jeremy Champion in Magento

Since version 1.11, Magento Enterprise Edition releases have included an RMA feature to help manage this process. The system supports tracking requests from when they are first created by a customer, all the way through to resolution. This post will look at how to set up and administer RMA requests from the admin panel, and will also detail a few shortcomings that will hopefully be improved in future releases.


MageAudit: The Magento Health Check

by Chris Norton in Announcements

A successful Magento implementation requires not only development expertise and an understanding of its internals and various settings, but also systems administration knowledge to ensure that the hosting environment is configured correctly and for optimal performance. As a store owner or developer who may not be familiar with all of these areas themselves, it can therefore be difficult to check on the overall quality of a particular installation. How can the relative “health” of a Magento store be quickly and easily assessed? Introducing MageAudit, the Magento Health Check.


M2M Sync Now Supports Magento Go

by Peter Spiller in Announcements

With its most recent update (version 1.2.10.1), our Magento-MYOB synchronisation application M2M Sync now supports Magento Go. This hosted Magento solution allows businesses to set up online stores without needing to manage their own server and implementation, and offers an enhanced set of features compared to Magento Community Edition. M2M Sync has been updated to handle these additional features, such as gift card accounts and store credit, and is an ideal solution for MYOB users who are tired of error-prone manual data entry.
