ZenCart security work (Movable Type integration)
I’m building a very simple extranet for a small medical device firm. About 40 outside salespeople will use it, for placing orders, reading news, and downloading sales materials.
The extranet will be just a simple directory in their webspace, i.e. [url removed, login to view]
I have installed a stripped-down ZenCart where salespeople can place orders. No ecommerce, just a structured order form.
Only preauthorized “customers” (the salespeople) are allowed to browse the cart. They must first log in using ZenCart’s authentication. This is the security, such as it is, for the extranet.
Here's my challenge, which relates to making sure ALL content in the extranet’s directory is secure.
I want to include content built by a blog app (Movable Type) into the extranet, and have it secured by the cart’s authentication scheme. I only want one login for the sales reps, and we prefer the simplicity and UI of ZenCart to view and edit the authorized “customers” .
Including bits of blog content into the cart pages is no problem with PHP.
The problem is protecting the blog-built static files which (ideally) live in the extranet directory. E.g. [url removed, login to view] I would like those files protected by ZenCart authentication.
Also I would like to protect any other documents (e.g. PDF, PPT, DOC) that are in the extranet directory.
I can move the blog files and downloadables into a different/deeper directory if that enables a solution.
The URL’s can include a session ID if that will help. (Search engines are not welcome in the extranet.)
This project is for 1) identification of a solution that meets the above requirements, which I believe to be complete; and 2) provision of code to implement the solution.
It is also for 3) importing 2000 records into the cart db; not too hard with SQL.