Magento Solution Specialist – Content Area 3.8: Security

By | 2016-01-31T22:48:40+00:00 January 31st, 2016|Categories: Magento, MCSS|Tags: , |

1. What are three major security features in native Magento EE v 1.13?

  • Encryption based on AES 256 where older versions used MD5
  • Magento Payment Bridge
  • Form keys to prevent XSS and CRSF attacks

2. What is the encryption, hashing key management method used in Magento EE v 1.13?

AES 256 is used to encrypt data. Magento stores an encryption key in

[mageroot]/app/etc/local.xml file. Sensitive database information is encrypted using this key when stored.