[nycphp-talk] Liability protection for consultants?

leam at reuel.net leam at reuel.net
Wed Feb 9 21:17:26 EST 2005


This is getting worse as I go.  Interchange doesn't work on CPanel, which the host uses. Agora cart looks real clunky and I need something that the customer can easily use to add to the cart. CubeCart is moving servers, is commercial, and I can't tell how it looks.

*sigh*  At least this *is* a market--most business owners I know wouldn't want to work through this hassle.  ;)

ciao!

leam

On Wed, Feb 09, 2005 at 07:23:58PM -0500, Brian Kaney wrote:
> On Wed, 2005-02-09 at 19:01, leam at reuel.net wrote:
> > I'm looking at doing some side work setting up CMS and shopping carts for small businesses. The web-host I use has a few offerings that are php based and I'm looking at the requirements and set up to see which one I'd want to support.
> > 
> > OScommerce requires register globals to be on, and Zen Cart requires some world-writeable directories in the DocumentRoot. The other possibilities are AgoraCart, Interchange Cart, and CubeCart.
> 
> We started a project with OSCommerce and found it to be a hairball of
> code/presentation and security issues.  It was really a pain to extend
> without bastardizing core code.
> 
> We ended up scrapping it and using IC (interchange).  The documentation
> is bad (they really need a wiki-doc-project), and we re-wrote most of
> the templates (they were filled with "legacy" HTML coding -- i.e. tables
> within tables, inline styling, etc.).
> 
> But after you get going on IC, it is a quite stable, secure and very
> extensible platform.  My favorite part is IC uses a daemon process to
> handle all the heavy lifting, while completely detaching critical
> procedures from the client.  The "catalog" (or store-related files) are
> completely separate from core and you can also override any core
> functions with your own without breaking core stuff.  This all points to
> a solid framework.
> 
> > 
> > I'm reading Chris' security workbook and trying to critically review anything that deals with money. My biggest fear is that one of my customers has a compromise and the public image of the business goes so bad that they lose their business. 
> > 
> > Yeah, I'm generally a "worst case scenario" sort of guy...
> > 
> > How do you protect yourself against liability, and more importantly how do you give the customer the security they deserve?
> > 
> 
> You can protect yourself and clients with a software license.  You are
> protected by the IP portion and your clients by the warranty section. 
> Here you can mitigate your client's risk by taking some or all of it on,
> even offer your clients full indemnification, all for a charge.  Or, as
> the other extreme, use "AS IS" verbiage.  You can also sell warranties
> for many OSS (but refer to the specific license for the project).
> 
> The OSRM group also offers insurance for open source stuff.
> http://www.osriskmanagement.com/
> 
> Red Hat and HP offer indemnification protection for their Linux-based
> products.
> 
> 
> - Brian


