[nycphp-talk] Liability protection for consultants?

leam at reuel.net leam at reuel.net
Wed Feb 9 19:32:15 EST 2005


Dang, all good info! Two quick things.

The host is a shared host, so I'd have to work with interchange in that sense.

The liability issue is more "I recommended this application and it just got cracked with all your business data" sort of thing. Not indemnity for the code itself but for the vulnerability of the apps I set up for them.

ciao!

leam
  --off to study interchange...

On Wed, Feb 09, 2005 at 07:23:58PM -0500, Brian Kaney wrote:
> On Wed, 2005-02-09 at 19:01, leam at reuel.net wrote:
> > I'm looking at doing some side work setting up CMS and shopping carts for small businesses. The web-host I use has a few offerings that are php based and I'm looking at the requirements and set up to see which one I'd want to support.
> > 
> > OScommerce requires register globals to be on, and Zen Cart requires some world-writeable directories in the DocumentRoot. The other possibilities are AgoraCart, Interchange Cart, and CubeCart.
> 
> We started a project with OSCommerce and found it to be a hairball of
> code/presentation and security issues.  It was really a pain to extend
> without bastardizing core code.
> 
> We ended up scrapping it and using IC (interchange).  The documentation
> is bad (they really need a wiki-doc-project), and we re-wrote most of
> the templates (they were filled with "legacy" HTML coding -- i.e. tables
> within tables, inline styling, etc.).
> 
> But after you get going on IC, it is a quite stable, secure and very
> extensible platform.  My favorite part is IC uses a daemon process to
> handle all the heavy lifting, while completely detaching critical
> procedures from the client.  The "catalog" (or store-related files) are
> completely separate from core and you can also override any core
> functions with your own without breaking core stuff.  This all points to
> a solid framework.
> 
> > 
> > I'm reading Chris' security workbook and trying to critically review anything that deals with money. My biggest fear is that one of my customers has a compromise and the public image of the business goes so bad that they lose their business. 
> > 
> > Yeah, I'm generally a "worst case scenario" sort of guy...
> > 
> > How do you protect yourself against liability, and more importantly how do you give the customer the security they deserve?
> > 
> 
> You can protect yourself and clients with a software license.  You are
> protected by the IP portion and your clients by the warranty section. 
> Here you can mitigate your clients' risk by taking some or all of it on,
> even offer your clients full indemnification, all for a charge.  Or, as
> the other extreme, use "AS IS" verbiage.  You can also sell warranties
> for many OSS (but refer to the specific license for the project).
> 
> The OSRM group also offers insurance for open source stuff.
> http://www.osriskmanagement.com/
> 
> Redhat and HP offer indemnification protection for their Linux-based
> products.
> 
> 
> - Brian
> 
> 
> 
> _______________________________________________
> New York PHP Talk
> Supporting AMP Technology (Apache/MySQL/PHP)
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.nyphp.org
> 


