Security of sensitive data in your store database is ensured by the Blowfish encryption algorithm. In X-Cart, this algorithm provides two levels of data encryption:
- Blowfish key-based encryption (used for order details, user passwords and some internal data).
- Merchant key-based encryption (used for order details).
During installation, X-Cart generates a secret key to help you ensure store security - the Blowfish key. This key gets written to X-Cart's configuration file as the value of the $blowfish_key variable, and, immediately after this key is generated X-Cart begins using this key to encrypt user passwords, order details, and other sensitive information. The same key is used to decipher the encrypted data, so your customers' data stays protected even if a malicious user gains access to your database - provided this user did not get access to the configuration file of your X-Cart installation and your Blowfish key has not been compromised.