
1.5. Security issues
The basic problem is that web servers on Unix machines usually run
as "nobody", but the ViArt CMS scripts run by the web server
need to have access to the ViArt CMS "./images" folder. However,
as the ViArt CMS files are generally owned by a real user, the only
way a script running as "nobody" can access and update this folder
is if the user grants world read-write permissions to it. As you can
imagine, this opens up security holes which then need to be plugged.
There are several methods of doing this, depending on where you are
running ViArt Shop: on a dedicated server or on a shared server (i.e. other
users have access to your directories via telnet or FTP).
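
One way to check that the world-write permission described above has not spread beyond the "./images" folder. This is an added example, not part of the ViArt documentation; it assumes "images" sits directly under the install root passed as the first argument, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a ViArt CMS tree for world-writable paths.
# Assumption: "images" directly under the install root is the only
# folder the web server user ("nobody") has to write to.

# Print every file or directory under $1 that has the world-write
# bit set, skipping the images folder and everything inside it.
# Symlinks are ignored because their own mode bits carry no meaning.
world_writable_outside_images() {
    root=${1%/}
    find "$root" -path "$root/images" -prune -o \
        ! -type l -perm -0002 -print
}

# Report the findings for $1. Returns 0 when the tree is clean and
# 1 when at least one unexpected world-writable path exists.
audit_tree() {
    findings=$(world_writable_outside_images "$1")
    if [ -n "$findings" ]; then
        printf 'World-writable outside images/:\n%s\n' "$findings"
        return 1
    fi
    printf 'OK: only images/ is world-writable under %s\n' "$1"
    return 0
}

# Stand-alone use: sh audit.sh /path/to/viart
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Any path it reports can be written by every local account, which matters most on a shared server.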

Another potential security hole is users guessing your password by
loading the admin area. Restricting access to your administrative
functions is something that should be done regardless of what type of
server you are on.

By default the login and password to Administration are "admin"/"admin".
You are advised to change these default settings immediately.

After installation, for security reasons, it is better to move:
- All of the Administration part of the site to another secure location,
  protected with HTTP authentication. Read more about Apache HTTP
  authentication at http://www.apache.org
- The "templates" folder to somewhere outside the web tree.

As well as securing your installation, you should also prepare for
the worst. If possible, place all of your ViArt CMS tables in a separate
database created exclusively for this purpose, and give it a different
username and password than your other databases. If this is done, the
worst that can happen if your security is compromised is that you lose your
ViArt CMS (you are making regular backups, aren't you? See section 1.4.1).
Otherwise you might lose valuable business data or even your entire site.