OSCommerce shopping cart

Forum Moderators: buckworks

Message Too Old, No Replies

OSCommerce shopping cart

Opinions?

wickedthoughtz

6:11 pm on Nov 22, 2005 (gmt 0)

Does anyone have any experience with this shopping cart? I like the fact that its open source. I already use phpbb, but I'm a bit more concerned with security for a shopping cart than I am for message boards. How is the security of this board compared to commercial carts like shopfactory, etc? thanks.

Tsuren

7:11 pm on Nov 22, 2005 (gmt 0)

Do not worry. A lot of people have tried to brake in it. Actually oscommerce seems more safety than a lot of commercial scripts.

It's been checked by plenty people. [google.com...]

FalseDawn

3:11 am on Nov 23, 2005 (gmt 0)

The code itself is pretty stable. There are a few updates you'll need - like a fix for the contact form spam email hack.

The majority of security issues are user-related - for example:

Not obfuscating and not securing the Admin directory.
Incorrect configurations leading to leaked session IDs

Plus, it requires register globals to be enabled (or at least it did at last release), which can be a security risk in poorly coded scripts - one to be wary of if you do decide to go this route - watch out for those contributions, most of which are just really badly hacked together.

etechsupport

3:24 pm on Nov 23, 2005 (gmt 0)

Tsuren is right, oscommerce have larger community ever I've seen in open source.