Hmm... I need to find out myself. I don't know what the right answer is. I'll do some research in Google and get back to you if I find a good answer. You should email the people at iPage as they probably can help you.
Yes. I won't state what it is or how to exploit it here in public, but I will say that if orders are reviewed by human beings prior to being shipped out, it won't be a problem. It will be very obvious to you in the Admin CP if someone has tried to circumvent the rules set by the order system...
I'd like to say it is totally secure; however, as you and I know, almost any iPage site on the net is not totally secure. OSC will only be as secure as you make it, and the same goes for almost any iPage site on the net. If someone really wants in, they will get in. Someone here on the forums just posted a link to their iPage site while leaving it fully open to intrusion, so what I'm implying is you have to take safeguards upon yourself...
1. Secure socket layer, even if you get a temporary or self-made one that pops up the error, you will still have 128-bit encryption.
2. Force cookies.
3. Rename admin page.
4. Use strong Pa55w0rDz.
5. Have someone else to blame if all else fails!
Harald answered a similar question a few weeks ago....
This post has been edited by: 27 June 2004, 03:59.
Does anyone know if there are any reported security risks in the current milestone?
I'm asking the question, as I would like to use OScommerce on a project I'm undertaking for a medium sized multinational company, and expect that they will need some proof that there are no security risks etc.
I've looked on the various bug tracking and security related sites, but the one that appears to be unresolved is a multi-level admin module, which isn't part of the generic milestone release.
Thanks in advance.
I think the main security risk is that the security is left up to you. Such as securing your admin directory, analyze any contribs, la la la, register_globals, la la la, SSL, and so on and so on...