  1. #1
    Join Date
    Mar 2004
    Location
    Finland
    Posts
    488
    Plugin Contributions
    3

    Addons and security

    With all the security things coming up for 1.5 ... what about addons?

    A misconfigured / miscoded addon might easily make all the new security features void?

    Wouldn't installing 3rd party untested addons void the PA DSS??

    What are the dev team's views about this?
    Working with Zen Cart since 2003 :: www.prr.fi
    Author of the original Finnish language pack for Zen Cart since 2004

  2. #2
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Re: Addons and security

    "void"? no.

    Adding addons simply shifts the responsibility for compliance to the coder/shopowner.

    The topic is discussed in the Implementation Guide.


    Didn't you already say elsewhere that PCI Compliance is something you have no interest in because you said it doesn't apply to you in Finland?

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Aug 2007
    Location
    Gijón, Asturias, Spain
    Posts
    2,586
    Plugin Contributions
    30

    Re: Addons and security

    To hijack this thread to reflect the title....

    I have tinkered with quite a few mods since I've been here, in the interests of improving the ones I have used, and learnt a lot, but this is only checking other people's work.

    I understand the main driver for Zen Cart 1.5 has been security and so some previously-working-fine code has had to be changed for compliance.

    So, having looked at the changed file list I expect to be starting afresh with 1.5 and gradually integrating the many mods I have done to my current site.

    While I can more or less understand the code, I have little idea of the "right way" things should be done and even less what is secure or not.

    Can you provide some pointers regarding what I (we) should be keeping my eye out for as I integrate each mod?

    I have read that GET is a no-no, but have not had time to read up why etc.

    So without asking for a detailed list, is it possible to provide some guidance as to likely code snippets, methods etc. that I should be looking out for in a mod as maybe requiring attention in this aspect?

    Thanks
    Steve
    github.com/torvista: Spanish Language Pack, Google reCaptcha, Structured Data, Multiple Copy-Move-Delete, Image Checker, BackupMySQL Admin/Auto...

  4. #4
    Join Date
    Apr 2006
    Location
    London, UK
    Posts
    10,569
    Plugin Contributions
    25

    Re: Addons and security

    This perception that GETs are bad is rapidly turning into an urban myth. There's a more nuanced, detailed explanation in this thread.
    Kuroi Web Design and Development | Twitter

    (Questions answered in the forum only - so that any forum member can benefit - not by personal message)

  5. #5
    Join Date
    Mar 2004
    Location
    Finland
    Posts
    488
    Plugin Contributions
    3

    Re: Addons and security

    Originally posted by DrByte:
    "Didn't you already say elsewhere that PCI Compliance is something you have no interest in because you said it doesn't apply to you in Finland?"

    Yes I did, and I do care, but it's not as important a thing for me (or my clients) as it might be for shop keepers who do store CC info etc.

    And thank you for the response. It answered my question :)
    Working with Zen Cart since 2003 :: www.prr.fi
    Author of the original Finnish language pack for Zen Cart since 2004

 

 
