
2.4. Security issues
The basic problem is that web servers on Unix machines usually run
as "nobody", but the ViArt HelpDesk scripts run by the web server
need to have access to the ViArt Shop "./images" folder. However,
as the ViArt files are generally owned by a real user, the only
way a script running as "nobody" can access and update this folder
is if the user grants world read-write permissions to it. As you can
imagine, this opens up security holes which then need to be plugged.
There are several methods of doing this, depending on where you are
running ViArt HelpDesk: on a dedicated server or on a shared server (i.e. other
users have access to your directories via telnet or FTP).
Another potential security hole is users guessing your username and password and
locating the admin area. Restricting access to your administrative
functions is something that should be done regardless of what type of
server you are on.
By default the login and password to Administration are "admin"/"admin".
You are advised to change these default settings immediately.
See details for more details.
After installation, for security reasons, it is better to move:
- All of the Administration part of the site to another secure location,
protected with HTTP authentication.
Read more about Apache HTTP authentication at http://www.apache.org
- The "templates" folder to somewhere outside the web tree
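One way to check an installation against the points above: world-writable files outside "./images", HTTP authentication on the Administration folder, and a "templates" folder still inside the web tree. This is an added example, not part of ViArt; the "admin" folder name and the .htaccess-based check are assumptions.

```shell
#!/bin/sh
# Added example: audit a ViArt-style web root against the checklist above.
# Assumed (hypothetical) layout: <root>/images, <root>/admin, <root>/templates.

# Print world-writable files/dirs, skipping images/ (the one folder the
# "nobody" web server user is meant to write to). Symlinks are ignored
# because their own mode bits are always rwxrwxrwx.
world_writable_outside_images() {
    r=${1%/}
    find "$r" -path "$r/images" -prune -o -perm -0002 ! -type l -print
}

# Heuristic: succeed only if <admin>/.htaccess sets AuthType and Require.
# Auth configured in the main server config is not visible to this check.
admin_has_http_auth() {
    f=${1%/}/.htaccess
    [ -f "$f" ] &&
        grep -Eiq '^[[:space:]]*AuthType[[:space:]]+(Basic|Digest)' "$f" &&
        grep -Eiq '^[[:space:]]*Require[[:space:]]+' "$f"
}

# Print one finding per problem; return 0 if clean, 1 otherwise.
audit_install() {
    root=${1%/}
    admin=${2:-$root/admin}
    rc=0
    ww=$(world_writable_outside_images "$root")
    if [ -n "$ww" ]; then
        printf 'WORLD-WRITABLE outside images/:\n%s\n' "$ww"
        rc=1
    fi
    if ! admin_has_http_auth "$admin"; then
        printf 'NO HTTP AUTH (.htaccess): %s\n' "$admin"
        rc=1
    fi
    if [ -d "$root/templates" ]; then
        printf 'TEMPLATES inside web tree: %s\n' "$root/templates"
        rc=1
    fi
    return "$rc"
}

# Usage: sh audit.sh /path/to/webroot [/path/to/admin]
if [ "$#" -gt 0 ]; then
    audit_install "$@"
fi
```

Pass the new location of the Administration folder as the second argument once it has been moved.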
As well as securing your installation, you should also prepare for
the worst. If possible, place all of your ViArt tables in a separate
database created exclusively for this purpose, and give it a different
username and password than your other databases. If this is done, the
worst that can happen if your security is hacked is that you lose your
ViArt HelpDesk. Otherwise you might lose valuable business data (such as Sales Orders) or even
your entire site.