Re: StoreBuilder (retitled)

This WebDNA talk-list message is from

2002


It keeps the original formatting.
numero = 44637
interpreted = N
texte = At 8:39 AM 10/30/02, Velma Kahn wrote: What sample source code is there available for interacting with what processors? Is the WebMerchant stuff worth looking at? (In my view, nothing else in StoreBuilder is much worth looking at, except for a few pieces of sample syntax.) If so, where would one begin looking at the WebMerchant stuff with an eye to making some sense out of it? Has anybody posted any other source code anywhere, or would anyone?At 10:03 AM 10/30/02, Joe D'Andrea wrote: We never used storebuilder until a few months ago. But having had to use it for two quickie sites in the past 2 months, I'm a believer. Like it's counterpart, Database Helper, there's lots that I want to change about the way it works. And like most stuf these days it suffers from a sever lack of documentation. But it is easily extensible and customizable. I can't wait to finish the integration of our CC payment system with WebMerchant. I've never built a store with StoreBuilder (other than to press the button to create a base set of StoreBuilder code and fiddle with it just a little), but I had occasion to do some serious maintenance on a store that was built with StoreBuilder several years ago recently. I don't remember all of my concerns, but there are several that do stand out to me. I did compare these back to the base set of StoreBuilder code to make sure (or at least so I think; I've made mistakes before) that they weren't things created by that developer.- The StoreBuilder store made no provision for a transition from an insecure protocol to a secure protocol on going to checkout. The store in question prominently displayed its Verisign certificate and a link to Verisign to verify it, but there was no indication any transaction through the store (of which there were several thousand over several years) had ever been made via SSL.- The StoreBuilder store stored credit card data entirely unencrypted on the server. It also accumulated that order data indefinitely, so there was a very large order table that included the unencrypted credit card data from all the orders the store had ever taken. I would think this would be a RAM issue as well. (Perhaps there are some order archiving features somewhere that were unused, but I didn't see them.)- The StoreBuilder store appeared to send an email to the customer containing an unencrypted credit card #, although the email sent to accounting appeared to have the credit card # masked.- The generated pages did not appear to have doctype declarations, an HTML namespace, or standard meta tags.If I have misunderstood or misinterpreted these things, I'd like to know about it. For a developer who knows what he or she is doing, of course all these problems can be fixed (as can the in my view rather pathetic appearance of the generated store). But I think this promotes the possibility of stores being opened without these problems being fixed, which doesn't seem like a good thing to me.Best, Velma-------------------------------------------------------------------------- Velma Kahn Glory Day Software Company 200 Tanager Ln NW, Floyd, Virginia 24091, U.S.A. phone: 540-745-6469 * fax: 651-321-4884 email: vkahn@glorydaysoftware.com www.glorydaysoftware.com ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: StoreBuilder (retitled) (Joe D'Andrea 2002)
  2. Re: StoreBuilder (retitled) (Velma Kahn 2002)
At 8:39 AM 10/30/02, Velma Kahn wrote: What sample source code is there available for interacting with what processors? Is the WebMerchant stuff worth looking at? (In my view, nothing else in StoreBuilder is much worth looking at, except for a few pieces of sample syntax.) If so, where would one begin looking at the WebMerchant stuff with an eye to making some sense out of it? Has anybody posted any other source code anywhere, or would anyone?At 10:03 AM 10/30/02, Joe D'Andrea wrote: We never used storebuilder until a few months ago. But having had to use it for two quickie sites in the past 2 months, I'm a believer. Like it's counterpart, Database Helper, there's lots that I want to change about the way it works. And like most stuf these days it suffers from a sever lack of documentation. But it is easily extensible and customizable. I can't wait to finish the integration of our CC payment system with WebMerchant. I've never built a store with StoreBuilder (other than to press the button to create a base set of StoreBuilder code and fiddle with it just a little), but I had occasion to do some serious maintenance on a store that was built with StoreBuilder several years ago recently. I don't remember all of my concerns, but there are several that do stand out to me. I did compare these back to the base set of StoreBuilder code to make sure (or at least so I think; I've made mistakes before) that they weren't things created by that developer.- The StoreBuilder store made no provision for a transition from an insecure protocol to a secure protocol on going to checkout. The store in question prominently displayed its Verisign certificate and a link to Verisign to verify it, but there was no indication any transaction through the store (of which there were several thousand over several years) had ever been made via SSL.- The StoreBuilder store stored credit card data entirely unencrypted on the server. It also accumulated that order data indefinitely, so there was a very large order table that included the unencrypted credit card data from all the orders the store had ever taken. I would think this would be a RAM issue as well. (Perhaps there are some order archiving features somewhere that were unused, but I didn't see them.)- The StoreBuilder store appeared to send an email to the customer containing an unencrypted credit card #, although the email sent to accounting appeared to have the credit card # masked.- The generated pages did not appear to have doctype declarations, an HTML namespace, or standard meta tags.If I have misunderstood or misinterpreted these things, I'd like to know about it. For a developer who knows what he or she is doing, of course all these problems can be fixed (as can the in my view rather pathetic appearance of the generated store). But I think this promotes the possibility of stores being opened without these problems being fixed, which doesn't seem like a good thing to me.Best, Velma-------------------------------------------------------------------------- Velma Kahn Glory Day Software Company 200 Tanager Ln NW, Floyd, Virginia 24091, U.S.A. phone: 540-745-6469 * fax: 651-321-4884 email: vkahn@glorydaysoftware.com www.glorydaysoftware.com ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Velma Kahn

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

ShowIf variables (1997) RequiredFields template (1997) b12 cannot limit records returned and more. (1997) [search] & [encrypt]/[decrypt] (2001) AutoCommit Preference? (1998) Multiple serial numbers (1997) RE: WebCatalog2 for NT Beta Request (1997) Searching multiple fields from one form field (1997) The max=0 issue is a bug ... CALL TO ACTION (2000) Emailer setup (1997) [WebDNA] Populating a menu from a search (2016) Using WC for Bulk Emailings (1997) suffix mapping for NT? (1997) Press Release hit the NewsWire!!! (1997) nslookup (2000) Re:no template caching (1997) Upgrade to 3.07 problems (2000) Grep search not working (2002) WebCat2 as a chat server? (1997) Problems passing [SKU] with $Replace in 2.0 (1997)