artstore
Posted October 20, 2006

Are there any additional security issues to consider when you link to products in the store from a web-site outside of the store?

I am modifying the existing html-site so that visitors can impulse-buy as they browse art-galleries, then resume browsing where they had left off. If they find something else, they'll be able to add it to the same cart. I will be adding code as sampled below to transform the existing html pages into php pages to preserve the store sessionID.

My concern is whether that sessionID would be "visible" to bad guys when a customer returns to browsing the non-store galleries? Do I need to add another spiders.txt at the gallery level?

I have tested the whole concept and have the desired functionality down (sort of) but I don't know enough to know if this will expose potential customers to additional security risks. Can somebody please help me out?

This is the code I'm using:

    <?php
    // If the store's session cookie is present, have PHP add osCsid to the
    // URLs and forms in this page's output; otherwise just gzip the output.
    if ( isset($_COOKIE['osCsid']) && !empty($_COOKIE['osCsid']) ){
        $osCsid = $_COOKIE['osCsid'];
        output_add_rewrite_var('osCsid', $osCsid);
    } else {
        ob_start('ob_gzhandler');
    }
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <title>
    >>>>stuff/metas here>>>>>
    </head>
    <body background="avpix/3bggot.jpg" bgcolor="#BCDDFE" link="#836A9F" vlink="#800080" text="#00008B">
    <center>
    <table width="100%">
    <tr>
    <td width="25%" align="left">
    ?
    <!-- other gallery pages navigate to "previous" from this cell -->
    </td>
    <td width="25%" align="center">
    <a href="index.htm"><b>HOME</b></a>
    <!-- this is to the non-php/osC site, the vanity site -->
    </td>
    <td width="25%" align="right">
    <img src="avpix/visa.gif" alt="visa">
    <a href="http://www.karrart.com/xxxxxx/catalog/index.php" target="_blank"><b>SHOP</b> </a>
    <img src="avpix/mc.gif" alt="mastercard">
    </td>
    <td width="25%" align="right">
    <a href="2dpre2.php"><b>NEXT</b></a>
    </td>
    >>>>>>>art gallery stuff here>>>>>>>>
    <a href="http://www.karrart.com/xxxxxxx/catalog/product_info.php?cPath=22&products_id=35">
    <b><i>Giclée print available at our store!</i></b></a>
    >>>>>>more art gallery stuff here - some for sale, some not>>>>>>>>>
    </body>
    </html>
    <?php
    // Send the buffered (rewritten or gzipped) page to the browser.
    ob_flush();
    flush();
    ?>

Thanks!
Cecilia.

dittones
Posted October 20, 2006

Cecilia,

When you add items to the shopping cart without the customer logging in, they only remain in the cart for that session... If the customer has items in their cart and then logs in, the items are permanently added to the cart database... When the customer logs in, their user/password controls security and is hidden from outside hacks... They must be logged in to continue to checkout. The session id will not create a security leak... because osCommerce is controlled by user/password...

I hope this helps.

dittone.com
Roman

artstore (Author)
Posted October 20, 2006

Roman - THANK YOU!!!!

That was what I thought made sense - but, like I said, I don't know enough to be sure. I've been reading too much confusing advice on these boards regarding security issues, I guess.

Thank you, again, kind Roman!
Cecilia.
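
An added example, not part of the original thread and not osCommerce code: a check for the two points the question turns on, whether the client-supplied osCsid cookie is safe to write into a gallery page, and whether any URL in the rendered page would carry it to a host other than the store. The session ID pattern, the helper names and the sample cookie and HTML are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread or from osCommerce.
// Assumptions: SID_PATTERN (shape of a session ID), helper names, sample data.
const SID_PATTERN = '/^[A-Za-z0-9,-]{22,128}$/';
const STORE_HOST  = 'www.karrart.com'; // host used in the post's store links

// Return the osCsid cookie only if it looks like a session ID. The cookie is
// sent by the browser, so any other value must not be written into the page.
function trusted_sid(array $cookies): ?string
{
    $sid = $cookies['osCsid'] ?? '';
    return (is_string($sid) && preg_match(SID_PATTERN, $sid)) ? $sid : null;
}

// List every href/src/action URL in rendered HTML that contains the session
// ID and points at a host other than the store. Relative URLs have no host
// and stay on the site that rendered the page, so they are skipped.
function offsite_sid_urls(string $html, string $sid): array
{
    $hits = [];
    preg_match_all('/\b(?:href|src|action)\s*=\s*["\']([^"\']+)["\']/i', $html, $m);
    foreach ($m[1] as $url) {
        $url  = html_entity_decode($url);
        $host = parse_url($url, PHP_URL_HOST);
        if (is_string($host) && strcasecmp($host, STORE_HOST) !== 0
            && strpos($url, $sid) !== false) {
            $hits[] = $url;
        }
    }
    return $hits;
}

// Constructed sample input: one relative gallery link, one off-site link.
$cookies = ['osCsid' => 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6'];
$html = '<a href="2dpre2.php?osCsid=a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6">NEXT</a>'
      . '<a href="http://partner.example/?ref=x&amp;osCsid=a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6">ad</a>';

$sid = trusted_sid($cookies);
// Only audit the page when the cookie passed validation.
print_r($sid !== null ? offsite_sid_urls($html, $sid) : []);
// A cookie carrying markup instead of an ID is rejected.
var_dump(trusted_sid(['osCsid' => '"><script>']));
```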