Comments on: SimpleCart JS – Easy eCommerce Solution http://churchcrunch.com/simplecart-js-easy-ecommerce-solution/ Exploring the Intersection of Web Technology and the Church Wed, 17 Mar 2010 19:55:11 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Ben Dyerhttp://churchcrunch.com/simplecart-js-easy-ecommerce-solution/comment-page-1/#comment-50267 Ben Dyer Mon, 09 Nov 2009 16:43:17 +0000 http://churchcrunch.com/?p=6967#comment-50267 Hm. All JavaScript? Just as an experiment, I used Firebug to modify the HTML source and sure enough, that $22.99 copy of Wolverine was passed to PayPal for $0.01. Sure, you don't have to fulfill the order, I guess, but that's a pretty sizable security hole. That's the benefit of DB-based shopping carts, you have a database to check against to prevent things like this. Yeah, probably not an issue for smaller organizations, but they also likely won't even know that this could potentially be an issue. Hm. All JavaScript? Just as an experiment, I used Firebug to modify the HTML source and sure enough, that $22.99 copy of Wolverine was passed to PayPal for $0.01.

Sure, you don't have to fulfill the order, I guess, but that's a pretty sizable security hole. That's the benefit of DB-based shopping carts, you have a database to check against to prevent things like this.

Yeah, probably not an issue for smaller organizations, but they also likely won't even know that this could potentially be an issue.

]]>