I have just released the V2 beta at https://www.codeplex.com/Release/ProjectReleases.aspx?ProjectName=dotshoppingcart&ReleaseId=10509. Please use this thead to post your feedbacks.

I will upload a screen cast talking about the new cool feature in V2.

Hi,

Great product.

What is CMS framework about?

Can you show us how to use it?

Thanks,

CMS allows you customize almost every page of the web site. The store module breaks down into the smaller server blocks, which you could pick and paste into any area of the pages.

I was planning to create a screen cast about the new V2 features earlier but never got a chance. I will do it probably today or tomorrow.

Luke,

How do I install the Beta on my dedicated server with my shared SQL 2005?   the install app wants to create a DB and I have already created the DB (which is the way I must do it).  It has no means of me passing in the login credentials as well.   The login is not an Integrated Security type.

You could appy "CreateDB.sql" manually to the DB that already exist. There are a couple of other things that installer does. Check the InstDSC source code to see what it does and you could apply these things manually.

BTW, SQL login is never a good idea in terms of security concerned. Your configuration file will have to store the SQL login credential. It exposes your DB completely when someone can read your web.config.

[QUOTE]lukezy wrote

You could appy "CreateDB.sql" manually to the DB that already exist. There are a couple of other things that installer does. Check the InstDSC source code to see what it does and you could apply these things manually.

BTW, SQL login is never a good idea in terms of security concerned. Your configuration file will have to store the SQL login credential. It exposes your DB completely when someone can read your web.config.

[/QUOTE]

Thanks, Luke!

How/why would someone be able to read my web.config?     it's my server and I don't expose that stuff to anyone.

egc

Well, security is about different layers of defense. To break it hacker just needs to find the weakest link in your defense. I am not saying you would expose your web.config. All I am saying is that SQL login is not recommended practice. Also storing login credentials in plain text file is the worst practice by all means.

Maybe this should be a different thead. I have to say one more thing. When you write your application, never store password anywhere. Instead you store the hash of the password. The hash is the result of one-way function such as MD5 etc. When someone logs in and you need to verify the password, you compare the hash.

Thanks, Luke!

I'll just use the DPAPI to encrypt the connectionstrings section of the web.config. 

Using SQLEXPRESS just isn't a good idea...adds additional overhead.   I already have dedicated SQL 2005 resources to use.  

egc