WHAT SHOPPING CART SOFTWARE DO YOU USE?
By Mark Idzik
You may have heard this morning that certain e-commerce
shopping cart software, if not configured properly, can leave
sensitive customer data available for anyone to find on the
web.
This security breach seems to be limited to the following
cart software products:
- -Order Form
- -QuikStore
- -Enterprise's EZMall2000
- -PDGSoft
- -Mercantec
Apparently, if not installed properly, the programs create a
file, available to any web surfer who can find it, with
sensitive customer data. In my experience, this is common
if you don't safeguard the location of the customer data
file with ANY shopping cart system you use.
How can you avoid this?
First, follow the installation guidelines closely and ask
questions if you have any doubt about the security of your
client data. The cart data should always be kept in a
password protected area of your web site, may have a
non-standard file name and location, or can be located in
your cgi-bin directory where access from the web is limited
to running scripts, not accessing files.
If you're not sure about the installation process, you may
consider hiring a consultant that specializes in a few shopping
cart applications that meet your site needs. We've had good
experience installing Dansie Cart by Craig Dansie. The cart is
full featured, cost effective, keeps sensitive data protected,
can authorize credit cards live and much more. Visit
http://www.dansie.net/cart.html for more information.
Back to Library