How secure is your cart?

Posted on November 14th, 2006 in PHP by Russ

Check your site for leaks.

For instance, do you use the CartIt shopping cart? It’s notoriously insecure. Why? It keeps track of product pricing via hidden fields on the shopping cart form, so the price the server charges is whatever the browser submits. Want to order something fancy for your spouse? Fire up your HTML editor, write your own form and submit it to the target URL on their server. Or just use a local proxy (Paros Proxy) to do the heavy lifting.

All too often when you hire a contractor, they use something insecure like this. I’m more inclined to blame laziness than ignorance or even malpractice. However, this is a place where money spent on a third-party code review could really save you in the long run.
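What a reviewer would ask for instead is a cart that prices every line from server-side data and treats a posted price as untrusted input. The sketch below is an added example, not code from CartIt or from the original post; the `CATALOG` table, the `sku`/`qty`/`price` field names and `cart_total()` are assumptions made for illustration.

```php
<?php
// Added example: recompute the cart total from a server-side catalog.
// CATALOG, the field names (sku, qty, price) and cart_total() are hypothetical.

const CATALOG = [            // constructed sample data; prices in cents
    'RING-001' => 129900,
    'MUG-042'  => 1250,
];

/**
 * Returns [total_in_cents, warnings]. Throws on an unknown SKU or bad quantity.
 * A 'price' field sent by the browser is never used for the total; a mismatch
 * with the catalog is reported so the caller can log it.
 */
function cart_total(array $postedItems): array
{
    $total = 0;
    $warnings = [];
    foreach ($postedItems as $i => $item) {
        $sku = is_array($item) && is_string($item['sku'] ?? null) ? $item['sku'] : '';
        if (!array_key_exists($sku, CATALOG)) {
            throw new InvalidArgumentException("item $i: unknown SKU");
        }
        $qty = filter_var($item['qty'] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 99]]);
        if ($qty === false) {
            throw new InvalidArgumentException("item $i: invalid quantity");
        }
        $unit = CATALOG[$sku];   // authoritative price, looked up server-side
        if (isset($item['price']) && (string)$item['price'] !== (string)$unit) {
            $warnings[] = "item $i ($sku): posted price ignored, differs from catalog";
        }
        $total += $unit * $qty;
    }
    return [$total, $warnings];
}

// Constructed request body, shaped as $_POST['items'] would arrive from a form
$posted = [
    ['sku' => 'RING-001', 'qty' => '1', 'price' => '100'],   // price altered client-side
    ['sku' => 'MUG-042',  'qty' => '2', 'price' => '1250'],
];
[$total, $warnings] = cart_total($posted);
printf("Total: %.2f\n", $total / 100);
foreach ($warnings as $w) {
    error_log($w);   // a mismatch is a tampering signal worth alerting on
}
```

The simplest form of the fix is to drop the hidden price field from the form entirely; keeping the mismatch check only matters while old forms that still post a price are in circulation.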

Thanks to: EdgeBlog.

One Response to 'How secure is your cart?'


  1. Bill said,

    on November 15th, 2006 at 7:49 pm

    Thanks for checking out my page!
