Hi all, I just have a question here regarding SHOP_CHECKOUT_ACCOUNT_REQUIRED. I see that this guy defaults to False, thus, customer can finish one checkout process without signup/sign in.
Actually, many customers like this style, and I tried to set this setting to True, then, many customers said it's complex because they need to signup(if they don't have one account yet) and sign in to continue the checkout process, what they want is just fill in the shipping details and next to place the order. So, I turned it off again, but, I am concern the security here. If we can make an order without sign in, how to avoid those fake orders, maybe somebody comes by, and random click but make an order... And, what's more, is this easy to attacked by something like DDOS, I mean, for example, write a robot to keep sending orders since we don't need login(we can place captcha here). So, do you guys have any suggestions here if I set this setting to False? Any code here to ensure the security or through any nginx settings? Thanks. Wesley -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
