Home
Documentation
HCL Commerce is a high-availability, highly scalable and customizable e-commerce platform. Able to support hundreds of thousands of transactions per day, HCL Commerce allows you to do business with consumers (B2C) or directly with businesses (B2B). HCL Commerce uses cloud friendly technology to make deployment and operation both easy and efficient. It provides easy-to-use tools for business users to centrally manage a cross-channel strategy. Business users can create and manage precision marketing campaigns, promotions, catalog, and merchandising across all sales channels. Business users can also use AI enabled content management capabilities.
Securing
These topics describe the security features of HCL Commerce and how to configure these features.
Quick reference to user IDs, passwords, and Web addresses
Administration in the HCL Commerce environment requires a variety of user IDs. These user IDs along with their requisite authorities are described in the following list. For the HCL Commerce user IDs, the default passwords are identified.

Documentation
HCL Commerce is a high-availability, highly scalable and customizable e-commerce platform. Able to support hundreds of thousands of transactions per day, HCL Commerce allows you to do business with consumers (B2C) or directly with businesses (B2B). HCL Commerce uses cloud friendly technology to make deployment and operation both easy and efficient. It provides easy-to-use tools for business users to centrally manage a cross-channel strategy. Business users can create and manage precision marketing campaigns, promotions, catalog, and merchandising across all sales channels. Business users can also use AI enabled content management capabilities.
- Getting started
  HCL Commerce has different advantages for business users, administrators and developers. HCL Commerce targets each of these roles with a tailored set of offerings so that each of your users can get maximum benefit.
- Installing and deploying
  Learn how to install and deploy HCL Commerce development environments and HCL Commerce production environments.
- Migrating
  Before you migrate to HCL Commerce Version 9.1, review this information to help plan and execute your migration.
- Operating
  Topics in the Operating category highlight tasks that are typically performed by business users, customer support representatives, to complete their day-to-day tasks in the operation of the HCL Commerce site.
- Integrating
  Topics in the Integrating category highlight the tasks that are commonly performed for using HCL Commerce in combination with other products.
- Administering
  Topics in the Administering category highlight tasks that are typically performed by the Site Administrator, to support daily operations of the HCL Commerce site.
- Customizing
  The topics in the Customizing section describe tasks performed by an application developer to customize HCL Commerce.
- Tutorials
  HCL Commerce provides many tutorials to help you customize and understand your HCL Commerce instance and stores.
- Samples
  Topics in the Samples category highlight the various samples that are provided with HCL Commerce.
- Compliance
  The following section describes how you can leverage HCL Commerce features and functionality to help your site be compliant with different privacy and security standards.
- Securing
  These topics describe the security features of HCL Commerce and how to configure these features.
  - HCL Commerce security model
    Authentication is the process of verifying that users or applications are who they claim to be. In an HCL Commerce system, authentication is required for all users and applications that access the system, except for guest customers.
  - HCL Commerce authentication model
    The HCL Commerce authentication model is based on the following concepts: challenge mechanisms, authentication mechanisms and user registries.
  - Authorization
    HCL Commerce views access control or authorization as the process of verifying that users or applications have sufficient authority to access a resource. This section describes the details of several aspects of HCL Commerce access control.
  - Hardening site security checklist
    To harden the security of your HCL Commerce site, you can enable and configure various security features. In addition, site customizations must always be made to comply with best practices as outlined in this document.
  - Site security considerations
    To enhance the security of your HCL Commerce site, you can enable various features in Administration Console or in the HCL Commerce configuration file.
  - Session management
    Browsers and e-commerce sites use HTTP to communicate. HTTP is a stateless protocol, which means that each command is run independently without any knowledge of the commands that came before it. Because it is a stateless protocol, sessions must be managed between the browser side and the server side.
  - Quick reference to user IDs, passwords, and Web addresses
    Administration in the HCL Commerce environment requires a variety of user IDs. These user IDs along with their requisite authorities are described in the following list. For the HCL Commerce user IDs, the default passwords are identified.
    - Changing database passwords
      You can change database user passwords (DBUserPwd) and database administrator passwords (DBAPwd) by updating the HCL Commerce configuration file and updating properties in the WebSphere Application Server administrative console.
    - Setting your IBM HTTP Server administrator password
      You can set your IBM HTTP Server administrator password.
    - Changing the SSL key file password
      If you are using IBM HTTP Server, follow these steps to change your SSL key file password.
    - Generating HCL Commerce encrypted passwords
      You can generate encrypted passwords in order to manually reset the password of a user from a command line. There are other tools (such as the ResetPassword command) that accomplish the same task. To manually reset the password, the administrator would take the encrypted password that is output by the utilities and update the LOGONPASSWORD field of the USERREG table. The administrator would also update the SALT field of the USERREG table with the chosen salt.
    - Resetting accounts
      If an HCL Commerce account gets locked or disabled for some reason, an administrator can unlock or enable the account.
    - LDAP server password storage consideration
      If you have chosen to use LDAP as your user registry, you should decide how you want your passwords to be stored. Many LDAP servers will provide options for encrypting or hashing the passwords, and sometimes even allow the passwords to be stored in plain text. Although the decision on how to store the password has no impact on the integration with HCL Commerce, you should investigate your settings and ensure that they comply with your security requirements. For information about configuring your LDAP server, refer to the product documentation provided with your LDAP server.
  - Enabling WebSphere Application Server security
    You can enable WebSphere Application Server security, which includes two orthogonal components: WebSphere global security and Java 2 security.
- Performance
  Topics in the Performance section describe the means by which to plan, implement, test, and re-visit the optimization of HCL Commerce site performance.
- Troubleshooting
  Topics in the Troubleshooting section highlight common issues that are encountered with HCL Commerce, and how they can be addressed or mitigated.
- Reference
  Topics in the Reference section contain all of the HCL Commerce reference documentation.

Quick reference to user IDs, passwords, and Web addresses

Administration in the HCL Commerce environment requires a variety of user IDs. These user IDs along with their requisite authorities are described in the following list. For the HCL Commerce user IDs, the default passwords are identified.

Note: Most components in HCL Commerce utilize user IDs and passwords that are validated by the operating system. For information about changing those passwords, refer to your operating system documentation.

IBM HTTP Server User ID

If you are using IBM HTTP Server, you can access your Web server home page by opening your Web browser and typing the following Web address:

http://host_name

If you have customized your Web server, you may be required to type the name of your Web server's front page after the host name.

HCL Commerce Site Administrator

The Site Administrator user ID and password apply to the following HCL Commerce tools:

HCL Commerce Accelerator. To access the HCL Commerce Accelerator from a remote machine running a Windows operating system, open your Internet Explorer Web browser, and type the following Web address:
```
https://host_name:8000/accelerator
```
Administration Console. To access the Administration Console from a remote machine running a Windows operating system, open your Internet Explorer Web browser, and type the following Web address:
```
https://host_name:8002/adminconsole
```
Organization Administration Console. To access the Organization Administration Console from a remote machine running a Windows operating system, open your Internet Explorer Web browser, and type the following Web address:
```
https://host_name:8004/orgadminconsole
```

Enter the Site Administrator user ID and password that you entered when you created your HCL Commerce instance.

Note: The Site Administrator user ID should never be removed, and should always have instance administrator authority.

HCL Commerce requires that the user ID and password adhere to the following rules:

The password must be at least 8 characters in length.
The password must include at least 1 numeric digit.
The password does not contain more than 4 occurrences of a character.
The password does not repeat the same character more than 3 times.