Some things, like payment modules, are always better tested on a real webserver, not a mock server such as Xampp.
For SSL on xampp, you'll need to set up your own SSL. And if you do it with a self-signed certificate, then most of your payment modules will still fail because they expect authentic SSL, not self-signed SSL.
For payment modules, just go direct to a real server. Don't try to use them on a local PC.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
While you can indeed have your local server working with the outside world as though it is on a real server, there are several hoops you have to jump through to get there. Since the times you really need such a setup are so rare, it really is not worth the time and effort (and risk) to get it working compared to the ease of setting up a real development server (a duplicate of your real shop on your hosting).
I jumped though all those hoops through sheer bloody mindedness but rarely use it. I do however have my local servers set up as virtual hosts. I found that was necessary for uri-rewriting to work locally.
Steve
github.com/torvista: BackupMySQL, Structured Data, Multiple Copy-Move-Delete, Google reCaptcha, Image Checker, Spanish Language Pack and more...
Thanks everyone for your help.
As suggested I will switch to doing my testing on a real server :)
This is most certainly the best way to save a little sanity - Unless you wish to become a network engineer as well as a web developer :)
Agreed. 100%
I however, went through those hoops *many* years ago and to this very day not only use it for local development but we also serve some of our webpages (and all of our live camera feeds) directly from computers on our home network to the public internet. This wasn't/isn't out of bloody mindedness though, it is a matter of economics.
Back in the day we even used to host customers websites on our own computers - A practice we stopped doing when it became cheaper (and far less work) to use shared/3rd party hosting than it was to maintain our own hardware.
It is still more practical (and economical) to use our own computers for some/many things though, and although you mention risk as being a factor, which I don't disagree with, I can say with 100% confidence that our LAN based servers are far more secure than any 3rd party server could ever be, which is one of the reasons we still use them.
Having said that, I do agree with you 100% that there are hoops to jump through and the need for such as setup is rare and not worth the time or effort, at least for most folk - but it also saddens me that by avoiding this also increases ignorance in regards to how the internet actually functions - I don't say this to cause any offence to anyone - but from a *security* perspective I do find it a bit of a worry.
Cheers
RodG
marton,
if you are changing your development environment, i am a big fan of using virtualBox on your local machine and then using vagrant for a pre-built LAMP stack. i use this box as it is relatively easy:
https://box.scotch.io/
you can then put all of your code under version control, ie git, set up remote repository in a place like bitbucket. and then deploying any code changes becomes rather easy.
its a bunch of work to get your development environment set up just right, but once you get your work flow together, its way easier with real good audit trails.
good luck in whatever you decide to do.
Bookmarks