in reply to Re^3: perl shopping cart
in thread perl shopping cart

You seem to have underestimated the seriousness of what I'm raising.

Most shopping cart implementations out there, in Perl or otherwise, tend to be crap. It is very common for them to suffer from one or more of the problems that I listed. In order, those problems allow people to steal products from you, steal your database from you (mmm...credit cards!), create a significant usability problem, and allow your site to be defaced. Each afflicts a large fraction of shopping cart implementations. And yes, there is nothing Perl-specific about any of them.

In short the problems that I've listed are not just theoretically possible, they are widespread. And they are not just "the odd thing" to miss, they are serious issues that you really don't want to miss.

If you've looked at "a fair number of shopping carts" and have never seen these problems, then I must conclude that you've either been unbelievably lucky or else you do not know to look for them. I choose not to believe in luck; you have seen bad shopping cart applications. In which case your opinions on quality must be wrong. Dangerously so.

Now I could make this point in a gentle way. And run the risk that you would be left thinking that I'm just presenting a minor consideration and your advice was mostly fine. Or I could, as I have done, make the point bluntly enough that there is no possibility of your missing the fact that I think your judgement was wrong. At the cost of likely offence.

I try not to offend lightly. And I did not lightly choose to do so this time.

Re^5: perl shopping cart
by gothic_mallard (Pilgrim) on Oct 27, 2004 at 06:41 UTC

    I'm sorry, I made a single comment in a single sentence and I fail to see how that's grounds for making informed personal judgements on me.

    I've been part of this community for a few years now and have a good reputation as far as my postings go so please don't treat me like some "Perl in 24 hours" newbie.

    Yes, I should have expanded on what I said and yes I agree with most of your points on security issues et al - but then the same applies to any online enterprise. Did I say "just install this badly written CGI script and be done"? No. I'd expect any kind of e-commerce operation to be paying tight attention to security on many levels - not just the particular shopping cart code. I'd hope that anyone setting up an e-commerce site wouldn't be quite as naive as to not thoroughly test the security and robustness of the code they're using.

    --- Jay

    All code is untested unless otherwise stated.