Re: StoreBuilder (retitled)

This WebDNA talk-list message is from

2002


It keeps the original formatting.
numero = 44637
interpreted = N
texte = At 8:39 AM 10/30/02, Velma Kahn wrote: What sample source code is there available for interacting with what processors? Is the WebMerchant stuff worth looking at? (In my view, nothing else in StoreBuilder is much worth looking at, except for a few pieces of sample syntax.) If so, where would one begin looking at the WebMerchant stuff with an eye to making some sense out of it? Has anybody posted any other source code anywhere, or would anyone?At 10:03 AM 10/30/02, Joe D'Andrea wrote: We never used storebuilder until a few months ago. But having had to use it for two quickie sites in the past 2 months, I'm a believer. Like it's counterpart, Database Helper, there's lots that I want to change about the way it works. And like most stuf these days it suffers from a sever lack of documentation. But it is easily extensible and customizable. I can't wait to finish the integration of our CC payment system with WebMerchant. I've never built a store with StoreBuilder (other than to press the button to create a base set of StoreBuilder code and fiddle with it just a little), but I had occasion to do some serious maintenance on a store that was built with StoreBuilder several years ago recently. I don't remember all of my concerns, but there are several that do stand out to me. I did compare these back to the base set of StoreBuilder code to make sure (or at least so I think; I've made mistakes before) that they weren't things created by that developer.- The StoreBuilder store made no provision for a transition from an insecure protocol to a secure protocol on going to checkout. The store in question prominently displayed its Verisign certificate and a link to Verisign to verify it, but there was no indication any transaction through the store (of which there were several thousand over several years) had ever been made via SSL.- The StoreBuilder store stored credit card data entirely unencrypted on the server. It also accumulated that order data indefinitely, so there was a very large order table that included the unencrypted credit card data from all the orders the store had ever taken. I would think this would be a RAM issue as well. (Perhaps there are some order archiving features somewhere that were unused, but I didn't see them.)- The StoreBuilder store appeared to send an email to the customer containing an unencrypted credit card #, although the email sent to accounting appeared to have the credit card # masked.- The generated pages did not appear to have doctype declarations, an HTML namespace, or standard meta tags.If I have misunderstood or misinterpreted these things, I'd like to know about it. For a developer who knows what he or she is doing, of course all these problems can be fixed (as can the in my view rather pathetic appearance of the generated store). But I think this promotes the possibility of stores being opened without these problems being fixed, which doesn't seem like a good thing to me.Best, Velma-------------------------------------------------------------------------- Velma Kahn Glory Day Software Company 200 Tanager Ln NW, Floyd, Virginia 24091, U.S.A. phone: 540-745-6469 * fax: 651-321-4884 email: vkahn@glorydaysoftware.com www.glorydaysoftware.com ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: StoreBuilder (retitled) (Joe D'Andrea 2002)
  2. Re: StoreBuilder (retitled) (Velma Kahn 2002)
At 8:39 AM 10/30/02, Velma Kahn wrote: What sample source code is there available for interacting with what processors? Is the WebMerchant stuff worth looking at? (In my view, nothing else in StoreBuilder is much worth looking at, except for a few pieces of sample syntax.) If so, where would one begin looking at the WebMerchant stuff with an eye to making some sense out of it? Has anybody posted any other source code anywhere, or would anyone?At 10:03 AM 10/30/02, Joe D'Andrea wrote: We never used storebuilder until a few months ago. But having had to use it for two quickie sites in the past 2 months, I'm a believer. Like it's counterpart, Database Helper, there's lots that I want to change about the way it works. And like most stuf these days it suffers from a sever lack of documentation. But it is easily extensible and customizable. I can't wait to finish the integration of our CC payment system with WebMerchant. I've never built a store with StoreBuilder (other than to press the button to create a base set of StoreBuilder code and fiddle with it just a little), but I had occasion to do some serious maintenance on a store that was built with StoreBuilder several years ago recently. I don't remember all of my concerns, but there are several that do stand out to me. I did compare these back to the base set of StoreBuilder code to make sure (or at least so I think; I've made mistakes before) that they weren't things created by that developer.- The StoreBuilder store made no provision for a transition from an insecure protocol to a secure protocol on going to checkout. The store in question prominently displayed its Verisign certificate and a link to Verisign to verify it, but there was no indication any transaction through the store (of which there were several thousand over several years) had ever been made via SSL.- The StoreBuilder store stored credit card data entirely unencrypted on the server. It also accumulated that order data indefinitely, so there was a very large order table that included the unencrypted credit card data from all the orders the store had ever taken. I would think this would be a RAM issue as well. (Perhaps there are some order archiving features somewhere that were unused, but I didn't see them.)- The StoreBuilder store appeared to send an email to the customer containing an unencrypted credit card #, although the email sent to accounting appeared to have the credit card # masked.- The generated pages did not appear to have doctype declarations, an HTML namespace, or standard meta tags.If I have misunderstood or misinterpreted these things, I'd like to know about it. For a developer who knows what he or she is doing, of course all these problems can be fixed (as can the in my view rather pathetic appearance of the generated store). But I think this promotes the possibility of stores being opened without these problems being fixed, which doesn't seem like a good thing to me.Best, Velma-------------------------------------------------------------------------- Velma Kahn Glory Day Software Company 200 Tanager Ln NW, Floyd, Virginia 24091, U.S.A. phone: 540-745-6469 * fax: 651-321-4884 email: vkahn@glorydaysoftware.com www.glorydaysoftware.com ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Velma Kahn

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

BUG in WebCatalog 4.0.1 on Mac OSX (2000) Need relative path explanation (1997) My web page only... (2003) Is there an alternative to emailer? (1999) Beta (?) version of WebCatalog 2.1 (1998) Using WebCat for product info requests (1997) User/pass with tcpconnect (2000) Re:add line item context and showitems (1998) Protect vs Authenicate (1997) Re:quit command on NT (1997) 2.0 Info (1997) WebCat2b12 CGI Mac -- Problems propagating the cart through frames...still (1997) Nutscrape Doesn't Render Right (2002) AJAX with WebDNA (2006) Error Lob.db records error message not name (1997) lineitems context in sendmail context (1998) Possible Bug in 2.0b15.acgi (1997) Question about links (1999) WebDNA Writer Needed (1997) RE: [WebDNA] HTML/OS vs. WebDNA ? (2008)