|Domain Name:||The domain name where your store will be hosted. It is usually set up when your first store is created and rarely changes after that. You can have multiple stores under the same domain. If you change your domain, Miva Merchant usually makes the change for you.|
|IP Address:||The IP address of your store on the server|
|License #:||The license number that was entered when the store was created.|
|Partner:||The partner is whoever you purchased your store from. In some cases this is Miva Merchant, but there are also distributors who sell stores.|
|Version:||The Miva Merchant software version that is currently installed.|
|Licensed Concurrent Users:||This is a static field that tells you how many concurrent licenses you have. In Miva Merchant Version 9, you can create as many admin accounts as you wish, but the number of admin users who can login at the same time is limited by the number of licenses that you've purchased.|
|Manage Additional Licenses:||See Admin User Licensing in Version 9.|
|Admin Sessions:||A static label that tells you how many admin users are currently logged in. See also Domain Settings > Administrative Sessions.|
|Reset Session Statistics:||The Admin Sessions field tells you how many admin users are currently
logged in, and the largest number of admin users that have ever been logged
into your store at the same time. For example, you might see an Admin
Sessions field that looks like this:
If you reset the session statistics, the Admin Sessions field would look like this:
The fields in this tab are usually filled out when your first store is created.
Notes for the Site Configuration tab:
|Non-secure URL to Miva Merchant:||The http URL to your on-line store.|
|Secure URL to Miva Merchant:||Normally this is the same as the non-secure URL to Miva Merchant, but using https. However, it can be different if you are using a shared SSL certificate.|
|Include Session Parameters in Miva Merchant URLs:||In general it should not be necessary to change this setting. This
setting only affects the use of a session ID as an URL parameter and
only applies if you are using longlinks. If you are using short links, your
store will ignore the "include session parameters" settings.
|Secure URL to Administration:||The https URL to the Miva Merchant admin program.|
|Root Directory for Graphics:||The directory on the server that contains all graphics and graphics subdirectories.|
|Secure Root Directory for Graphics||Same purpose as the "non-secure" root directory for graphics, but applied to your secure store path.|
|Base URL for Graphics:||The URL that points to the root directory for graphics.|
|Secure Base URL for Graphics||Same as the Base URL for Graphics, but used by your secure store, if you have one.|
|Root Directory for Modules||Sets the relative directory for modules.|
|Secure Root Directory for Modules||Same purpose as the "non-secure" root directory for modules, but applied to your secure store path.|
|Use Strict Validation for Codes:||When checked, requires that you enter only alphanumeric characters, the underscore ( _ ) and hyphen (-) for the Login and all codes in Miva Merchant, such as the product code, category code, etc. Strict Validation is recommended and is the default. Caution: If you clear the Use Strict Validation for Codes check box, Miva Merchant will allow other characters. However, symbols and punctuation should generally be avoided, and some symbols (such as the %, &, and #) are never allowed for a code. If, after being off, Strict Validation is turned on again, codes which had been valid will become invalid.|
|Preferred Ciphers:||The Preferred Cipher list is a comma separated list of OpenSSL cipher
strings. When Miva Merchant needs to encrypt something in the
database, it looks in this field and selects a cryptographic algorithm.
affect your on-line store, but are only used to support features in the
admin interface. This field gives you options for organizing the files
that can make the admin interface faster.
These settings affect accounts for Miva Merchant administrators who are using the admin interface. The default settings meet PCI compliance. See also: To Set Password Security for Customer Accounts.
Most of the settings in this section are obvious. A few that are not obvious are documented below.
|Enable TOTP (Google Authenticator) Two-Factor Authentication:||Check this box to enable two factor authentication in the admin interface. See Two Factor Authentication in Miva Merchant.|
|TOTP Time Step:||
The frequency with which the QR code authenticator application on your cell phone will generate an authorization code.
NOTE: If you are using Google Authenticator on your cell phone, you must leave this field at the default setting (30).
|TOTP Start:||Defaults to "0", which is the Unix epoch time: January 1st 1970 at midnight. See: http://en.wikipedia.org/wiki/Unix_time NOTE: If you are using Google Authenticator on your cell phone, you must leave this field at the default setting (0).|
The number of recently generated authentication codes that you can enter to log into the admin interface.
Defaults to 1 (one before and one after the current authentication code). If you leave this field set at 1, you could use any of three authentication codes to log into the admin interface:
This mechanism for allowing more than one authentication code to be valid at the same time is used to handle the possibility that the clock on your cell phone is slightly different from the system clock on your store server.
If you set this field to "2", you could log into the admin interface using any one of five authentication codes:
NOTE: If you are using Google Authenticator on your cell phone, you must leave this field at the default setting (1).
The length of the authentication code that you must enter to log into the admin interface.
NOTE: If you are using Google Authenticator on your cell phone, you must leave this field at the default setting (6).
Two factor authentication is often used when you supply your credentials to gain access to a site or service. When you login to the Miva Merchant admin interface, you have to enter your username and password (your "first factor" authentication). With two factor authentication, you not only have to enter your username and password, but you typically would have to use some other device or channel to get access. For example, in addition to your username and password, you might have to enter a special authorization code that you get from your cell phone.
The idea behind two factor authentication is that, if someone tries to gain access to your account, they not only need your username and password, but they would need your cell phone as well.
Using Miva Merchant two factor authentication is optional, but it provides another layer of security for your admin user accounts. Miva Merchant second factor authentication does not apply to customer accounts in your on-line store.
Miva Merchant will generate a "QR code" which is basically a two-dimensional barcode.
9.1. Enter your username and password as you normally would.
9.2. Use the QR code authenticator on your cell phone to generate an authentication code. Enter this code in the Authentication Code field.
9.3. Click Sign In.
|Shopping Interface Cookie Expiration:||Determines how long the session cookie is valid. The default is set to one year. Your cookie should always be set to a value higher than your Basket Timeout, otherwise a shopper could appear to lose a live basket.|
|Shopping Interface Secure Cookie Expiration:||
If the customer is on a non-SSL page in your store, Miva Merchant generates a non-secure session cookie. If the customer is on an SSL page in your on-line store, Miva Merchant generates a secure session cookie.
This field determines how long the secure session cookie is valid. The default is set to one year. Your cookie should always be set to a value higher than your Basket Timeout, otherwise a shopper could appear to lose a live basket.
|Administration Session Timeout:||PCI compliance requires that the admin session timeout be 15 minutes or less. When the timeout occurs, admin users will be automatically returned to the login screen.|
|Administration Session Failed Login Lockout Time:||The lockout time occurs when an admin user exceeds the max number of login attempts. PCI compliance requires a lockout time of 30 minutes or longer.|
|Administration Session Failed Login Attempts Allowed:||Sets the max number of login attempts for the Miva Merchant admin interface. The requirement for PCI compliance is 6 login attempts or less.|
|Failed Login Delay:||Enter a value, in milliseconds, that an admin user must wait after entering an incorrect username or password. For example, if you enter 5000 milliseconds here, an admin user has to wait five seconds after entering an incorrect username or password before they can try again.|
|Image Extension Types:||The Image Extensions Types are a simple security check for file uploads that are done through the admin interface. You can put any file extensions in this box. When someone tries to upload a file to your store through the admin interface, the system checks the extension of that file against the list of extensions in this box. If it isn't on the list of allowed file extensions, the upload will fail.|
|JPEG Image Quality:||
Use this field to control the quality of jpg images that you upload. Reducing the image quality, even from 100% to 95%, can significantly reduce the image size.
In releases before PR8 Update 9, store owners had two choices for using a mail server:
Beginning in PR8 Update 9, you can continue to use the mail server on your store's machine, but you can also connect to an external mail server account that requires a username and password.
Miva Merchant will also detect and support the following SMTP authentication standards on an external mail server:
|Mail Server:||The address of your Web host's mail server that sends out e-mail. This is not an e-mail address. You can get this address from your hosting company. In some cases the host provides this information in a FAQ page. If you cannot find the information on the website, contact the hosting company directly.|
The Encryption field is only used if you are connecting to an external mail server.
|Mail User:||If you are connecting to an external mail server, enter the account username here.|
|Mail Password:||If you are connecting to an external mail server, enter the account password here.|
|Add Angle Brackets to Email Addresses:||Some hosts require that angle brackets enclose the e-mail address.
For example, firstname.lastname@example.org would be entered as
|Mail Method:||Some web hosts use an optional commerce library method to send email. If yours does, they will either set this up for you, or will tell you what to enter here. In general, leave this field blank.|
These settings should only be modified by advanced users.
Non-secure Miva Merchant Cookie "domain", Non-secure Miva Merchant Cookie "path"
|Essentially, the cookie domain and cookie path give you some control over when a browser sends a cookie back to a web server. If you specify a cookie domain and path, the browser will only send the cookie back to the web server when the user requests a page in that domain and path. See: http://en.wikipedia.org/wiki/HTTP_cookie#Domain_and_Path for examples.|
|Non-secure Miva Merchant Cookie Output:||
Depending on your service provider and the type of payments that you accept, your store may be examined routinely by a PCI scanner. A PCI scanner checks your on-line store for a number of potential issues, to make sure that your store is PCI compliant. One issue that PCI scanners look for is to see if secure (HTTPS) pages in your store are setting cookies that have the "secure flag" set.
See: http://en.wikipedia.org/wiki/HTTP_cookie for basic information about cookies and secure cookies.
If the scanner sees that you have a secure page which is setting a cookie without the secure flag, it may trigger a PCI compliance error. The settings is this section give you some control over how your store pages can set cookies.
This option assumes that you are using the Miva Merchant default SSL page settings. See Appendix 5: Default HTTP/HTTPS Pages for more information.
Secure Miva Merchant Cookie "domain:", Secure Miva Merchant Cookie "path:"
|The same as the "non-secure" settings, but applied to your secure store.|
Set the frequency that you would like to check for software upgrades.
It is rarely necessary to change this setting. Periodically, Miva Merchant offers a public beta release of the Miva Merchant software. If you want to participate in the beta, you change your Upgrade Stream to beta.
When the beta becomes available, you click on the "Eligible for Updates" box and the beta will be downloaded to your store server. It is common for store owners to have a "development" store on their server, and a "production" store. Customers who are interested in the beta software download it to their development site, where it will not interfere with their production store. Please contact Miva Merchant customer support if you are not sure how to do this.
|Check for Upgrades:||Set the frequency that you would like to check for software upgrades.|
|Check for Upgrades:||Set the frequency that you would like to check for software upgrades.|
|Review Installed Updates:||Lists all of the updates that have been applied to your store's current production version. The list is erased each time you install a new production release.|