
Serious Security Issue


Guest


Posted

Isn't it about time this was resolved?

 

If you read the forums there are dozens of stores experiencing problems with security, i.e. customers' information being mixed up/customers being able to see personal details of other customers, but there is nowhere on the OSCommerce site that deals with it. All of us are spending hours trawling through forums searching for possible solutions and just when we think we have found the answer we find that we have reached another dead end! Similarly we find that some so-called "solutions" may even cause further problems.

 

Unfortunately, a large proportion of readers are not programmers, so find it difficult to sort the useful information from the not so useful (possibly even harmful) guidance about sessions SIDs etc. But it would seem to me that there exists a basic flaw in OSCommerce that allows serious breaches of security of personal data, by allowing customers to view one another's information. I am sure that there are a large number of us who want to know how to deal with this.

 

Why isn't it being taken seriously? What we need is the OSCommerce team to post the solution in the documentation on their website. This would save hours of time for those of us trying our best with limited knowledge to find a solution that actually works. It is my opinion that this issue is serious enough to warrant this.

Posted

May I just say this: you have to base your claim/worry on a stock osc store setup. If you manage to find any of the 'security' problem in that setup, then it's osc's fault. Otherwise it's your fault if you ONLY find them in a non-stock osc setup.

I hope what I say above is fair :) .

 

Ken

commercial support - unProtected channel, not to be confused with the forum with same name - open to everyone who needs some professional help: either PM/email me, or go to my website (URL can be found in my profile).

over 20 years of computer programming experience.

Posted
> May I just say this: you have to base your claim/worry on a stock osc store setup. If you manage to find any of the 'security' problem in that setup, then it's osc's fault. Otherwise it's your fault if you ONLY find them in a non-stock osc setup.
>
> I hope what I say above is fair :) .
>
> Ken

yea, here is the base:

http://www.oscommerce.com/forums/index.php?s=&...t&p=1061825

 

you can use the session regeneration to get around it.

http://www.oscommerce.com/community/contributions,4112
