To actually try and answer the question, I'm somewhat new to OSC. The one glaring thing I find that I wasn't very excited about was the fact that "out-of-the-box" OSC won't work without register_globals being ON in php.ini. Of course, a .htaccess file solves this locally. However, after looking into it a little deeper, I found that there are lots of 'contributions' to the project by very accomplished developers, one of which fixes this glitch so that OSC runs with register_globals turned OFF (and will tell you if it is turned ON).
As far as the overall security, it appears as though it can run with SSL (although I haven't finished the setup yet). As an aside, the "look and feel" of OSC isn't the prettiest I will agree; but it doesn't have to stay that way. There are approximately 20+ pages of free themes that can be applied to it. The basic structure of the display remains (which is also customizable if you want to dig into the code or ask someone for help), but it's livable considering the amount of functionality that is packed into this app. hth... -----Original Message----- From: Grant [mailto:[EMAIL PROTECTED] Sent: Thursday, January 20, 2005 4:16 PM To: [EMAIL PROTECTED] Subject: Re: [gentoo-user] OT: How secure is osCommerce? > > If you're a PHP guy you might want to stick with OSC, but even then I > > would encourage you to switch to IC. I have to admit I've never > > delved into OSC and I don't know PHP (IC is a perl app), but now that > > I've got it under my belt I feel like I have a huge leg up on every > > non-IC website out there. > > > > IC is really just another layer between the code and the developer, > > but it seems like if someone was building websites in, say: Perl, > > HTML, and MySQL for a while, eventually they would want to write tools > > (and a daemon) for the things they are doing over and over again so > > they can save themselves time, produce highly readable code, and have > > a really dynamic system in place. IC is like that, but with a bunch > > of different people developing it over about 10 years. It's still > > being very actively developed. > > > > Of course it's open-source, but I feel like I have 100% control over > > every aspect of what I produce, and I have never had to modify the > > core source files. > > > > - Grant > > > can you post some url's of some carts, from what ive seen it never looks > as smooth and professional as OSC, and the live demo doesnt do it > justice, it has nice features, but im going for look. > > thanks > > Nick Smith You want look? How's this: <your html> [loop menu] <your html> [/loop] <your html> All the ITL (Interchange Tagging Language) works like that. You just tell IC where and when you want what HTML, CSS, Javscript, or whatever else. Of course, there are tags you can use to draw things for you, but I only use tags that define the where and when of my display code (HTML, etc). IC does all kinds of other stuff, this just the basics of display. - Grant -- [email protected] mailing list -- [email protected] mailing list
