I can't see how mezzanine has anything to do with ddos. But you can safely set this to true. You credit cart processor will stop the fake orders. I haven't had issues with this. On 31/03/2015 1:19 am, "Wesley" <nisp...@gmail.com> wrote:
> Hi all, > I just have a question here regarding SHOP_CHECKOUT_ACCOUNT_REQUIRED. > I see that this guy defaults to False, thus, customer can finish one > checkout process without signup/sign in. > > Actually, many customers like this style, and I tried to set this setting > to True, then, many customers said it's complex because they need to > signup(if they don't have one account yet) and sign in to continue the > checkout process, what they want is just fill in the shipping details and > next to place the order. > > So, I turned it off again, but, I am concern the security here. > If we can make an order without sign in, how to avoid those fake orders, > maybe somebody comes by, and random click but make an order... > And, what's more, is this easy to attacked by something like DDOS, I mean, > for example, write a robot to keep sending orders since we don't need > login(we can place captcha here). > > So, do you guys have any suggestions here if I set this setting to False? > Any code here to ensure the security or through any nginx settings? > > Thanks. > Wesley > > -- > You received this message because you are subscribed to the Google Groups > "Mezzanine Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to mezzanine-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
