16 results found
-
Manage email suppression list
Allow the management of the email suppression list to which email addresses are added after multiple failures to send email.
Currently there is no visibility to this list.
1 vote -
Captcha functionality
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
Captcha functionality - when users initially come into the site or users are starting an order or users are entering credit card information
Original request:
Please help with implementing below security features ASAP. There are so many frequent attacks on the website that cause the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we…
4 votes -
Enable Cloudflare's leaked credentials detection
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- WAF compromised credentials check
Original request:
Please help with implementing below security features ASAP. There are so many frequent attacks on the website that cause the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
- Bot Protection - Challenge suspected bots to confirm user…
4 votes -
Bot prevention measures
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- Bot Protection - Challenge suspected bots to confirm user authenticity
- Bot detection with JavaScript to identify headless browsers
- Any other WAF rules to protect the website from anonymous usage and attacks
Original request:
Please help with implementing below security features ASAP. There are so many frequent attacks on the website that cause the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the…
4 votes -
Website Stability via Rate Limiting
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
Original request:
Please help with implementing below security features ASAP. There are so many frequent attacks on the website that cause the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of…
4 votes -
Make Wishlist Item Line Note Searchable within the Wishlist Search Bar
Problem Statement:
As a frequent user of Lists within the site, I need to find items based on custom information I have added to the Line Note within the List so that I can be sure I am ordering the proper item.
Proposed Solution:
Allow for the user to use the existing search field within Lists to find text within the Line Notes of items in the list. Customers will often put Ordering Details, Stocking Data, or even Custom Part Numbers within that field so they can be clear about what is ordered. But, those notes are not searchable, so…
1 vote -
Control Panel Scheduler Must take Time Changes into account without re-scheduling jobs twice a year.
1) Goals
• Users can schedule jobs using their local date/time and time zone, and the job will run at the correct absolute instant even across DST and zone changes.
• This must take into account Daylight Savings time changes in the Spring and Fall
• The current Opti control panel only allows one time zone to be used (UTC). Need the ability to handle more than one.
• User should not have to manually re-schedule jobs two times per year when clocks change
• Admins and integrators can display and manage schedules in any time zone, and any time…
3 votes -
Reintroduce or Provide Alternative Method to Restrict Access to the Admin Console in Configured Commerce (V3)
As part of our recent internal security audit, we identified a vulnerability related to unrestricted access to the Optimizely Configured Commerce Admin Console.
In the legacy V1 architecture, administrators could restrict Admin Console access by domain or IP range using configuration updates (as described in the Optimizely documentation: https://docs.developers.optimizely.com/configured-commerce/docs/restricting-access-to-admin). However, in the V3 architecture, this capability is no longer supported or configurable within the managed environment.
Our support engagement (Ticket #1788512) confirmed that this feature was not migrated to V3 due to complications with the impersonation feature and has since been deprecated. As a result, customers currently have no…
1 vote -
Disable Weak TLS Cipher Suites (CBC-mode Ciphers) in Managed Commerce Environments
As part of a recent internal and third-party security assessment (conducted by Optiv Security), our organization identified that our Optimizely Configured Commerce production environment (www.whitecap.com) currently supports weak TLS cipher suites, including CBC-mode ciphers.
These ciphers are considered outdated and potentially vulnerable to known cryptographic attacks (e.g., Lucky 13 and BEAST). Security best practices and compliance frameworks (such as PCI DSS, NIST SP 800-52r2, and OWASP guidelines) recommend disabling weak or deprecated cipher suites and enforcing stronger ones such as AES-GCM or CHACHA20_POLY1305 with TLS 1.2+ only.
During our support engagement (Ticket #1789304), the SRE team confirmed that…
1 vote -
Export product list from a category
In PIM: I want to export all products that are assigned in a certain category. For example, I have category A with 300 products, and I want to export these 300 products in category A. As for now, when I'm in category A in PIM and click on "products" I get the listed products assigned to category A, BUT I can't export them in an Excel list or other file types.
1 vote -
Many customers change their SKU and it's not really supported in Configured Commerce
We have several clients who rename SKUs in their ERP instead of deactivating and creating a new one for multiple reasons. Recently one of them asked us to create a "Master UID" for them to map and update our products, but this field is internal only and not visible to the customers, so it's an internal ID used between the ERP, PIM and Configured Commerce to update the product.
Can such a field be added and could be used as an alternate natural key to simplify everything? Seems to us like a common issue.
2 votes -
Increase job's parameters to nvarchar(max)
Increase job's parameters to nvarchar(max) so we can have larger values such as JSON. We are using custom properties to suit our needs, which is not the best approach.
Tables:
IntegrationJobParameter
JobDefinitionParameter
JobDefinitionStepParameter
4 votes -
PIM - History details not shown for latest changes on products
I'm not able to see the latest change history details for some products.
There are two panels with history lists, one to the left and one in the middle under the "history" tab. The list to the left only shows the latest change on the products but I'm not able to click on it to see the actual change that has been made. I can only see the product status and the date of the change.
On the other hand, the history list in the middle has a drop down where I can click on the different history versions and…
0 votes -
Configured Commerce - CMS - Basic Button - Link Type
Please refer to ticket # 1757749.
When setting a specific URL as the Destination, the Basic Button element does not support language-specific URL(s) in this use case, although language-specific variants are set.
This is a design flaw that needs to be addressed. If customers have different language variants, there needs to be proper URL mapping in the back-end.
We can use Rich Content as a workaround, however the point is work efficiency, CMS Basic Button being quicker to add to pages.
1 vote -
Fraud prevention
We are working to resolve ongoing issues with fraudulent ecommerce orders. Frequently, bots have placed orders using stolen credit card information with valid bill-to addresses but random ship-to addresses. Unfortunately, these orders were shipped before we received dispute requests, which forced us to issue credits to customers and resulted in unrecoverable product losses.
We attempted to implement the DataDome solution; however, it was not compatible with Optimizely. I also understand that Optimizely currently uses the Spreedly gateway for credit card processing, and I’m aware that Spreedly provides a fraud prevention solution that is not included with Optimizely.
Could you please…
2 votes -
PIM - Improve validation with trailing space characters
The current PIM import process automatically strips trailing space characters from all fields before validating the import. This causes frustrating behavior when a category is named (accidentally or otherwise) with a trailing space character in it.
The import validation strips the space characters from the file, which causes the import to fail with the "Category Name not found" error. The PIM admin then has no good way of identifying that the trailing space character is what is causing the issue since the error does not specify which category is the one not found.
In order to avoid this, I would…
1 vote