> I've committed code to bakesale and use it myself

Glad to hear from you. I'll post some of the stuff over at BakeSaleHq as soon as I get some time this week. It's a great platform, and I think it could go further than osCommerce (and be 10 times more easy to use and customize). I personally think all shopping carts should use some sort of framework, and BakeSale is the first of its kind for Cake.

On Aug 1, 1:25 am, drayen <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I've committed code to bakesale and use it myself, I would be
> interested to hear what you've found. I can also confirm you never
> contacted the bakesale team. Onto your image:
>
> The system doesn't look like it's released any useful data?
>
> The output you're showing is on the demo site, which is deliberately
> unsecured to allow people to test the admin interface. Were you able
> to re-create your results on your own server?
>
> If you want to help, by all means apply to be a part of the bakesale
> cakeforge group and commit updated and more secure code, I am sure we
> would welcome the help. We are soon going to move to 1.2 and will be
> using the security class you talked about in a post you made 34 hours
> ago, which should close a few holes.
>
> Or if not how about submit the holes you've found, ideally with
> solution code via our bug tracker on google code:
> http://code.google.com/p/bakesale/issues/list
>
> <rant>
>
> > I'm not trying to make trouble here
>
> You're also not being constructive, don't just troll without even
> talking to the people who can change things for the better, or fully
> understanding what you're criticizing.
>
> > So, if you're
> > thinking about using BakeSale, make sure that you take a good look at
> > the code before you use it, especially if you're going to be saving
> > credit card numbers in your database.
>
> Bakesale does NOT store CC information, it uses external payment
> gateways e.g. paypal.
> </rant>
>
> Drayen.
>
> On Aug 1, 3:38 am, housebolt <[EMAIL PROTECTED]> wrote:
>
> > There's nothing to disclose. I haven't given out anything, and it's
> > blatantly apparent. There is not one single security measure in place
> > within the code, so I would have to disclose the entire code base.
>
> > I'm not trying to make trouble here, I'm just warning people about the
> > danger of using BakeSale "straight out of the box".
>
> > I would be fine if they were marketing it as a basic starting point
> > for building a shopping cart, but they're making it out to be a
> > complete product.
>
> > On Jul 31, 7:30 pm, "Dr. Tarique Sani" <[EMAIL PROTECTED]> wrote:
>
> > > On 8/1/07, housebolt <[EMAIL PROTECTED]> wrote:
>
> > > > I was just taking a look at bakesale for some ideas on building my own
> > > > shopping cart.
>
> > > > Please don't use bakesale in its current form without looking into its
> > > > security issues.
>
> > > Did you contact the developers of Bakesale about this before disclosing
> > > here?
>
> > > If yes what was the response?
>
> > > Tarique
>
> > > --
> > > =============================================================
> > > Cheesecake-Photoblog: http://cheesecake-photoblog.org
> > > PHP for E-Biz: http://sanisoft.com
> > > =============================================================