  • # August 12, 2009 at 9:18 am

    Hey guys. I found what seems like a really good idea at . It’s a full-featured eCommerce cart, but all it requires is a js file; no databases or anything are required. If you could take a second to read about how it works…

    I was wondering, what kind of security vulnerabilities does something like this have? I think it’s very interesting because it’s REALLY simple, unlike the eCommerce plugins I use with WordPress.

    # August 12, 2009 at 3:29 pm

    It’s not very secure…. I can go into Firebug and give myself a discount….

    simpleCart.taxRate = 0.07;

    Tax rate varies as well…. out of state, etc.…. How do you detect/change that per customer?

    There are many ways to exploit…..

    # August 12, 2009 at 3:55 pm

    I don’t know about the tax part… But, just because you can change a price in Firebug doesn’t mean you actually change the price that gets sent to PayPal…

    Maybe have no tax but increase the prices by an average amount, or, it wouldn’t be that hard to set it up with the taxes of every state and you have them enter the shipping information and have the state selection be a select box and pull that state and cross it with the tax of that state.

    # August 12, 2009 at 4:06 pm

    If you are not doing any validation through a server-side script then this means I can modify and change anything I want that gets sent to PayPal or Google Checkout…. it’s completely in the open

    Most ECommerce Sites
    Server > Client > Server > Checkout

    This script
    Server > Client //> Checkout

    Understand: HTML / CSS / JavaScript are all client-side languages…. my browser chooses how and what it is going to use…

    EDIT: Sales tax only applies to the state where the seller and sale reside; this is why Amazon is a popular site….

    # August 12, 2009 at 4:17 pm

    Ah, I see. I was editing the price of the item once it was already in the cart, and the price still stayed the same. But I edited the price of an item and then clicked add to cart and it came out with my amount.

    So I guess it’s pretty much useless.
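
The server-side validation step the thread says this cart lacks, as an added example that is not part of the original posts and is not simpleCart's code: the server re-prices the order from its own catalog and ignores any price, tax rate or total sent by the browser. The catalog, the tax table (constructed sample rates) and the function names are assumptions made for illustration.

```javascript
// Added example: CATALOG, TAX_BP_BY_STATE and both functions are hypothetical names.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
// Server-side source of truth. Prices are integer cents to avoid float drift.
const CATALOG = Object.freeze({
  'SKU-SHIRT': { name: 'T-shirt', priceCents: 1999 },
  'SKU-MUG':   { name: 'Mug',     priceCents: 850 },
});
// Constructed sample rates in basis points (700 = 7%), not real tax data.
const TAX_BP_BY_STATE = Object.freeze({ XA: 700, XB: 0 });

// Re-price a cart submitted by the browser. Only sku, quantity and state are
// read; any price, tax rate or total the client sent is treated as untrusted.
function priceOrder(clientCart) {
  if (!clientCart || !Array.isArray(clientCart.items) || clientCart.items.length === 0) {
    throw new Error('empty or malformed cart');
  }
  if (!has(TAX_BP_BY_STATE, clientCart.state)) throw new Error('unknown state');
  let subtotalCents = 0;
  for (const item of clientCart.items) {
    if (!item || !has(CATALOG, item.sku)) throw new Error('unknown sku');
    if (!Number.isInteger(item.quantity) || item.quantity < 1 || item.quantity > 100) {
      throw new Error(`bad quantity for ${item.sku}`);
    }
    subtotalCents += CATALOG[item.sku].priceCents * item.quantity;
  }
  const taxCents = Math.round(subtotalCents * TAX_BP_BY_STATE[clientCart.state] / 10000);
  const totalCents = subtotalCents + taxCents;
  // A mismatch with the client's claimed total is worth logging: the page was
  // stale or the values were edited in the browser.
  const tampered = clientCart.totalCents !== undefined && clientCart.totalCents !== totalCents;
  return { subtotalCents, taxCents, totalCents, tampered };
}

// Before fulfilling, compare the amount the payment processor reports as paid
// with the server-computed total, never with the client's figure.
function paymentMatchesOrder(order, paidCents) {
  return Number.isInteger(paidCents) && paidCents === order.totalCents;
}

// Constructed input: the shape a browser might POST after the price and tax
// rate were changed in a developer console.
const editedCart = {
  state: 'XA', taxRate: -0.5, totalCents: 100,
  items: [{ sku: 'SKU-SHIRT', quantity: 2, price: 0.01 }, { sku: 'SKU-MUG', quantity: 1 }],
};
console.log(priceOrder(editedCart));
```

With this in place the flow becomes the "Server > Client > Server > Checkout" shape described in the thread: edits made in the browser change only what the customer sees, not what the order is priced at.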
