Help Request for our Webshop

Ted Lemon mellon at
Sat Sep 22 19:44:59 CEST 2007

On Sep 22, 2007, at 10:11 AM, Joshua Layne wrote:
> a brief googling *  turned up 'substruct' - open source, based on  
> ruby on rails - meets a subset of your requirements, but may be  
> extensible enough that you don't have to reinvent the entire wheel,  
> only the shiny new spin-rims.

The carts I've played with generally have no concept of credit card  
security.   I did a project with zencart a while back, and had to  
retrofit my own credit card security model into the system because it  
just stored credit card information in the database, where an SQL  
injection attack would reveal everything.

I haven't looked closely at substruct - maybe they do something  
smarter.   My personal model for credit card security is to never  
store the credit card information on a customer-facing machine, and  
indeed only keep that information as long as it's needed, even on a  
back office machine.   This way, even if you screw up the security on  
your customer-facing machine, the worst risk is that some info will  
be exposed until you detect the security compromise - there's no risk  
that everybody who ever ordered anything from you will have to get a  
new credit card.

More information about the community mailing list