from Jan Griesel
Several new features were added to plentymarkets version 4.4, which allow users to do a better job of protecting their data. Therefore, we recommend that users switch to this new version as soon as possible.
How was the security increased?
- Once a certain number of failed login attempts were made, access to webshop customer accounts and the admin area will be denied for a period of time.
- Passwords will only be accepted for webshop customer accounts and the plentymarkets admin area if they are not too "weak". When it comes to the admin area, we strongly recommend that you change your passwords regularly and that you avoid saving uncoded passwords on your own PC.
- If a customer wants to make changes to an order in the webshop (e.g. address, E-mail address), then he or she will have to enter their customer password again in order to do so.
- The old XML API was completely replaced by the new SOAP API, which uses a more secure authentication process. In addition the central API Log holds a record of every time that the SOAP API was accessed.
Although it may seem tempting to use very simple passwords, doing so makes you vulnerable to hackers. Therefore, set rules within your company for creating and regularly updating passwords. Furthermore, check who you have granted SOAP API access to and only approve those calls that are really necessary. The same holds true for user accounts that have access to the plentymarkets admin area. Unfortunately, we see countless examples of companies who give over 50% of their employees admin access to plentymarkets and therefore allow these employees access to all areas of the system. A healthy dose of mistrust can go a long way in increasing the security of your company.