The other day I was playing around with nopCommerce. There was some talk about it internally, and I thought I’d see what it was all about. I didn’t get very far, and realized the installation instructions were definitely missing a few steps. The guys over there have outlined most of the steps in the documentation, but they’ve forgotten a few:
- Ensure that your worker process (what the AppPool runs under) has the ability to create a database if you check the box Create database if it doesn’t exist.
- How to access the installation page. You need to browse to http://site/views/install/default.aspx
There are other OWASP and scalability best practices that I may go into later if I really dig down further, but three that immediately come out:
- Unencrypted DB Connection string info
- compilation debug=”true” being set in the web.config
- Single DB