Help Version: 2.12
Last Update: 05/01/2002

Database Store Security Issues

Because database stores are displayed using standard HTML, a possible security issue may exist with the pricing of your products. The product pages for a database store are simple HTML code pages and use a standard form post method to add products to the shopping cart. With this method, an outside user could possibly view the source of your page, save it to disk, change the prices, and order the product at a reduced price.

Because of this issue it is critical to note that this issue exists and you should verify your orders carefully.

What you can do:

QuikStore has a built-in function for verifying prices called "order_check_db". This variable is set in the main configuration file under [ORDER PARAMETERS]. The order checking system checks the price of the purchased item against the price in the database to make sure they match. If not, it will not process the order.

To use this system with a database driven store, you need to turn it on in the qs_main.cgi configuration file.

Turn on the order checking system by setting the following variable:

order_check_db=yes

To set this variable through the Main Menu, open the Configuration Editor (Step Two), and select the "Config File" tab. Next select "ORDER_PARAMETERS" from the pull-down box. Click "order_check_db" to edit the setting.

Once you have it set, it will verify the price before the order is processed. In QuikStore, it verifies the price before the shipping page is displayed.

That's it... However, it is important to note that you should ALWAYS verify your orders to make sure the order price is correct!

Continue to Catalog Wizard Overview

 


Copyright 1997-2003 i-Soft, LLC