Chapter 6
Security
1 |
The reason for this is that as a company grows you will most likely have more than one person assigned to any given profile. Amendments to a profile can then be done quickly and easily by amending the profile and not everybody who is assigned to it individually. Having a profile name removes any ambiguity about the aims of the permissions assigned to a profile. What level of access should John have? It relies on memory, whereas 'IT illiterate' as a profile name is clear and unambiguous. |
2 |
By giving users only the functions and access that they actually need you avoid some accidental errors. Also supposing a user's account is compromised, perhaps with a brute force attack, the minimal functions will mean an attacker can do less damage. |
3 |
There is a way that PrestaShop can encrypt all user and customer logins as well as their entire session when in potentially sensitive areas. It is called SSL and is discussed next. |