Help Request for our Webshop
mellon at fugue.com
Sat Sep 22 19:44:59 CEST 2007
On Sep 22, 2007, at 10:11 AM, Joshua Layne wrote:
> a brief googling * turned up 'substruct' - open source, based on
> ruby on rails - meets a subset of your requirements, but may be
> extensible enough that you don't have to reinvent the entire wheel,
> only the shiny new spin-rims.
The carts I've played with generally have no concept of credit card
security. I did a project with zencart a while back, and had to
retrofit my own credit card security model into the system because it
just stored credit card information in the database, where an SQL
injection attack would reveal everything.
I haven't looked closely at substruct - maybe they do something
smarter. My personal model for credit card security is to never
store the credit card information on a customer-facing machine, and
indeed only keep that information as long as it's needed, even on a
back office machine. This way, even if you screw up the security on
your customer-facing machine, the worst risk is that some info will
be exposed until you detect the security compromise - there's no risk
that everybody who ever ordered anything from you will have to get a
new credit card.
More information about the community