ShopSite Forums

Your source for ShopSite user collaboration
https://forum.shopsite.com/

Security Alert

https://forum.shopsite.com/viewtopic.php?f=10&t=4105

Page 1 of 1

Security Alert

PostPosted: Thu Mar 28, 2002 2:11 pm
by shoplite.com
This is old news but I came across the actual article regarding form
tampering - the potential ability for customers to reduce prices in the
order form, clearly without the merchants knowledge. See
http://www.iss.net/security_center/alerts/advise42.php

Since shopsite is not mentioned can we assume that this is not relevant for
us.

Richard.
www.shoplite.com

Re: Security Alert

PostPosted: Thu Mar 28, 2002 3:47 pm
by loren_d_c
Yes, you may assume (correctly) that ShopSite does NOT have this vunerability.
This problem occurs in shopping carts that allow the price to be passed from
the HTML source (PayPal's shopping cart is one example of this). ShopSite, on
the other hand, retrieves the price information from the product database, so
it does NOT allow shoppers to change the price simply by modifying the HTML.

-Loren


"shoplite.com" wrote:

This is old news but I came across the actual article regarding form
tampering - the potential ability for customers to reduce prices in the
order form, clearly without the merchants knowledge. See
http://www.iss.net/security_center/alerts/advise42.php

Since shopsite is not mentioned can we assume that this is not relevant for
us.

Richard.
www.shoplite.com
All times are UTC - 7 hours
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/