I can't see how mezzanine has anything to do with ddos. But you can safely set this to true. You credit cart processor will stop the fake orders. I haven't had issues with this. On 31/03/2015 1:19 am, "Wesley" <[email protected]> wrote:
> Hi all, > I just have a question here regarding SHOP_CHECKOUT_ACCOUNT_REQUIRED. > I see that this guy defaults to False, thus, customer can finish one > checkout process without signup/sign in. > > Actually, many customers like this style, and I tried to set this setting > to True, then, many customers said it's complex because they need to > signup(if they don't have one account yet) and sign in to continue the > checkout process, what they want is just fill in the shipping details and > next to place the order. > > So, I turned it off again, but, I am concern the security here. > If we can make an order without sign in, how to avoid those fake orders, > maybe somebody comes by, and random click but make an order... > And, what's more, is this easy to attacked by something like DDOS, I mean, > for example, write a robot to keep sending orders since we don't need > login(we can place captcha here). > > So, do you guys have any suggestions here if I set this setting to False? > Any code here to ensure the security or through any nginx settings? > > Thanks. > Wesley > > -- > You received this message because you are subscribed to the Google Groups > "Mezzanine Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
