
Server and Data Security

At StoreHippo, we take security very seriously. We apply several safeguards and run security audits from time to time to make sure your data is secure.

Server Security and Compliance 

StoreHippo runs its infrastructure on the world-leading cloud providers Google Cloud Platform (GCP) and Amazon Web Services (AWS). Both platforms have stringent rules in place against security breaches in their data centres, and both are compliant with a wide range of standards. Some of the standards they are compliant with are:

  • ISO 27001: One of the most widely recognized, internationally accepted independent security standards.
  • ISO 27017: Cloud Security. This is an international standard of practice for information security controls based on ISO/IEC 27002 specifically for cloud services.
  • ISO 27018: Cloud Privacy. This is an international standard of practice for the protection of personally identifiable information (PII) in public cloud services.
  • PCI-DSS: The Payment Card Industry Data Security Standard.
  • HIPAA: The U.S. Health Insurance Portability and Accountability Act.

SSL Encryption

SSL provides strong protection against eavesdropping. Search engines give priority and a better SEO score to stores that have SSL enabled. StoreHippo offers free SSL certificates to all domains for its stores. Merchants can enable SSL for their entire store in no time.

Credit Card Security

StoreHippo never stores credit card information on our servers. All credit card entry takes place with our payment gateway partners, who are PCI-DSS compliant.

Data Encryption

Sensitive information like user passwords is never stored in plain text. Passwords are protected with strong one-way encryption before they are stored in our system.

Authentication and Authorization

Any access to our backend resources must pass through an authentication and authorization module that validates the access depending upon the roles assigned to the requestor. 

SQL Injection

SQL injection is a nasty problem for relational database systems like MySQL. By using the NoSQL database MongoDB for storage, StoreHippo gets rid of this problem effectively.

MongoDB avoids the potential for such problems because it does not parse query strings. When a client program assembles a query in MongoDB, it builds a BSON object, not a string. Thus traditional SQL injection attacks are not a problem.
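
The difference described above, as an added example that is not StoreHippo's code: a query built by string concatenation next to a query built as a document and encoded in BSON's length-prefixed string layout. The function names, the string-only check and the sample input are assumptions made for illustration.

```javascript
// Added example. buildSqlString, buildQueryDoc, requireString and
// encodeStringDoc are hypothetical names; the input is constructed.

// String-built query: the value is spliced into text a server must parse.
function buildSqlString(name) {
  return "SELECT * FROM users WHERE name = '" + name + "'";
}

// Assumption (added hardening): only plain strings are accepted as values,
// so input can never contribute keys or nested objects to the query.
function requireString(value) {
  if (typeof value !== 'string') {
    throw new TypeError('query value must be a string');
  }
  return value;
}

// Document-built query: the value sits in a field and is never parsed.
function buildQueryDoc(name) {
  return { name: requireString(name) };
}

// Minimal BSON encoder for a document whose fields are all strings.
// Layout: int32 total length, then per field 0x02, key + NUL,
// int32 (byte length + 1), value bytes + NUL, then a final NUL.
function encodeStringDoc(doc) {
  const parts = [];
  for (const [key, value] of Object.entries(doc)) {
    const bytes = Buffer.from(requireString(value), 'utf8');
    const len = Buffer.alloc(4);
    len.writeInt32LE(bytes.length + 1, 0);
    parts.push(Buffer.from([0x02]), Buffer.from(key + '\0', 'utf8'),
               len, bytes, Buffer.from([0x00]));
  }
  const body = Buffer.concat([...parts, Buffer.from([0x00])]);
  const head = Buffer.alloc(4);
  head.writeInt32LE(body.length + 4, 0);
  return Buffer.concat([head, body]);
}

const sample = "O'Brien"; // constructed input containing a quote character
console.log(buildSqlString(sample)); // quote count is now odd: malformed SQL
console.log(encodeStringDoc(buildQueryDoc(sample)).toString('hex'));
```

Because the value travels behind an explicit byte length, the quote in the sample needs no escaping in the encoded document, while the concatenated string depends on it.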

Cross-Site Scripting and HTML Injection

We use the latest AngularJS for our front end, which provides built-in security measures against several attacks such as XSRF/CSRF. All of our themes are designed to avoid XSS attacks.

Moreover, the StoreHippo theme framework relies heavily on declarative programming in HTML and requires very little JavaScript coding. That saves time and reduces the possibility of bugs caused by flawed code.

2018-07-10T08:23:16.138Z