Shopping carts in PHP and security

  • Derrald

    Shopping carts in PHP and security


    I have had two clients recently ask me about shopping carts.
    I have also been using PHP on a more regular basis and thought I could
    find an open source shopping cart such as osCommerce.

    It seems as though osCommerce requires "register globals" turned on.
    I know this is a bad idea. Also my hosting company won't turn them on
    (not that I would want that). This got me thinking about a few things
    and I was wondering what others' experience on the subject is. I could
    find very little information about this subject on Google.

    I apologize if this is not the correct forum to present these topics.
    As a note: I have built enrollment and authentication systems in PHP,
    just not a store site.

    What are people's experiences on these topics?

    1. If using a cart with "register globals" on, have there been any
    problems with injection of incorrect data? Are people being overly
    paranoid of "register globals" being on?

    2. Are there any solutions, open source or paid, that
    have "register globals" turned off?

    3. What kind of security are shopping cart ASPs providing?
    I guess using a provider could provide security as long as
    people didn't know the source code of the program.

    4. Is any downloadable PHP shopping cart preferred over another?

    Enough said!

    Thank you,
    Darryl
    --
    Derrald V
  • Larry Kahm

    #2
    Re: Shopping carts in PHP and security

    Darryl,

    I don't know the answer to question 1, but as for question 2, I did a quick search in the osCommerce
    forum and found the following contribution that allows you to keep the register globals setting off:



    My site is in a shared web-hosting environment. My host will probably not let me turn it on, so I'm
    going to be incorporating this contribution in my "localhost" development copy of osC sometime
    during the next two weeks.

    Larry Kahm

    • Jay Donnell

      #3
      Re: Shopping carts in PHP and security

      > 1. If using a cart with "register globals" on, has there been any
      > problems with injection of incorrect data? Are people being overly
      > paranoid of "register globals" being on?

      I personally wouldn't use a shopping cart with register globals turned
      on. The second issue is how the credit cards are handled. If you're
      using something like payflow LINK from VeriSign then the cc# probably
      isn't stored or processed on your site.

      > 2. Are there any solutions open source or paid that
      > have "register globals" turned off.

      I think Zen Cart fits this description but I've never used it
      personally.

      > 3. What kind of security are shopping cart ASPs providing?
      > I guess using a provider could provide security as long as
      > people didn't know the source code of the program.

      I'm not sure what you're asking here. As I said before, if you're using
      something like payflowLINK (not payflow pro) then you aren't handling
      the credit cards anyway.
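
Added example, not part of any post in this thread and not osCommerce or Zen Cart code: a sketch of the "injection of incorrect data" concern behind question 1, with the weak pattern beside a hardened one. The function names, price and request are constructed; `extract()` stands in for `register_globals` (removed in PHP 5.4.0), and real code would read `$_POST` and `$_SESSION` where the arrays are passed in here.

```php
<?php
// Added illustration; not osCommerce or Zen Cart code. All names are hypothetical.
// register_globals was removed in PHP 5.4.0, so extract() stands in for it here.

const UNIT_PRICE = 19.99; // constructed catalogue price, held server-side

// Weak pattern: written for register_globals, $discount is never initialised.
function cart_total_globals(array $request, array $session): float
{
    extract($request); // request fields become local variables, as register_globals did
    if (!empty($session['is_member'])) {
        $discount = 0.10; // the only place the developer meant to set it
    }
    $subtotal = (int) ($qty ?? 1) * UNIT_PRICE;
    return round($subtotal * (1 - (float) ($discount ?? 0)), 2);
}

// Hardened pattern: initialise everything, read only named fields, validate them.
function cart_total_explicit(array $request, array $session): float
{
    $discount = !empty($session['is_member']) ? 0.10 : 0.0; // server-side state only
    $qty = filter_var($request['qty'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]);
    if ($qty === false) {
        throw new InvalidArgumentException('quantity must be an integer from 1 to 99');
    }
    return round($qty * UNIT_PRICE * (1 - $discount), 2);
}

// Constructed request from a guest (no member session) carrying an extra field.
$request = ['qty' => '3', 'discount' => '1'];
$session = [];

printf("register_globals style: %.2f\n", cart_total_globals($request, $session));
printf("explicit superglobals:  %.2f\n", cart_total_explicit($request, $session));
```

The first function lets a request field the developer never expected set the discount; the second ignores it because only `qty` is read and the discount comes from session state.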


      • Derrald

        #4
        Re: Shopping carts in PHP and security

        Thank you Larry and Jay.

        I am definitely not processing the CC on my site.
        Let me take a look at the option to shut off the globals and zen cart as
        well.

        Thanks,
        Darryl




        --
        Derrald V
