1. Home
  2. Forums Index
  3. WebmasterWorld / Ecommerce 11:36 pm May 4, 2026

Forum Moderators: buckworks

Message Too Old, No Replies

About E-Commerce 101.

Is it still valid...?

         

noddie

9:39 pm on Mar 9, 2007 (gmt 0)

10+ Year Member



I'm referring to the post at: [webmasterworld.com...] We're not really a shopping cart site, we sell ONE product in three different price categories (free, cheap and expensize) where the buer gets more for more...

Basically we don't care about the shopping cart at all since we're using PayPal and basically let them handle everything for us...

Do I really have to worry about SSL, certificates etc...?

I mean we've just included the PayPal ASP.NET User Control onto our page which generates a couple of links for us that then relocates the user to the PayPal site (which obviously is secure) and then when the user have placed his order at paypal.com he will be redirected back to our site which then will get a confirmation from PayPal which updates our database and gives the user access to download his product...

Do I really have to bother at all about the above post...?

And a second question...
We're sending the Username AND the PASSWORD in the "Register confirmation email"...
Is this something users will get a "bad" experience of...?
(password in confirmation email)
I'm thinking alot of other sites does it and it's nice to have the password for the user later if he forgets it, ideas...?

[edited by: lorax at 11:25 pm (utc) on Mar. 9, 2007]

Corey Bryant

10:32 pm on Mar 9, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you are accepting any personal type of information (name, username, address, and especially credit card information) I would seriously consider an SSL cert. This usually just gives the consumer piece of mind. Since you are not collecting the CC number, you really do not need it but more and more companies are getting an SSL cert - they are not that expensive and it just helps some, depending on your market.

Emails are not secure at all. If this email was compromised - you have to ask yourself - what does the hacker get? Is this important enough to me to possibly re-think this process? Most sites usually allow the customer to pick the user name (or use the email address). And then maybe send the password via email to help verify the email address.

-Corey

noddie

9:35 am on Mar 11, 2007 (gmt 0)

10+ Year Member



If the email is compromomised and some other guy gets the username/password all he is able to do is basically download my product for free in addition to posting to the support forums personated as the other guy...
It's really no big deal...
But I see the point in SSL when you take personal info. I guess it becomes more "comforting" giving away personal data when it's encrypted!
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Ecommerce 11:36 pm May 4, 2026