I have one perhaps stupid question, and here it is:
I want to begin an e-commerce site for myself. I am a static site designer --Photoshop-Dreamweaver--, and am running very, very low on cash right now.
I am thinking of starting with osCommerce, just because my host provider makes the installs and the connection with my bank.
I know it is far cheaper in time=money to buy a commercial package, but I am really out of money.
What I am afraid about is the security issue. Does osCommerce have the characteristics that will protect me from fraud orders and hacks like a commercial package?
Thanks for your time.
Regarding OSC, it is (for all its faults) reasonably robust and will protect against SQL injection out of the box (though do watch out for any contributions you add). It is, however, vulnerable to XSS (cross-site scripting), so you should implement a fix for that (not hard, and I'm sure there is a contribution which does it for you).
The other disadvantage of using a package like OSC that has a large install base is that there is an incentive to hack it, since any vulnerability will be worth a lot to whoever discovers it - equally true for a popular commercial cart of course.
However, assuming you are using a payment gateway you will never see or store any of the card details yourself, so you won't have to worry about securing them from hacks. OSC is a workable and cheap solution, as long as you can code yourself. If you can't/don't want to mess around with PHP yourself then look for another solution.