Re: e-commerce framework suggestion? medoc?

2016-02-25 Thread Dan Jones
> On Feb 25, 2016, at 1:28 AM, li...@wrant.com wrote:
>
> Don't fall for regulation scare talks, there should be no reason to
> put something outside local premises except payment processing which
> is a well developed monetary system service from banks etc.
>

Since I deal with credit card security in my professional life I’ll chime
in.  PCIDSS are the primary security standards you (or your client) need to
deal with.  These are not governmental standards but are set by the payment
card industry (JCB International, Visa, MasterCard, etc.). While there may be
government regulations they are typically less stringent than PCIDSS.

The standards vary based on how credit cards are being handled. If, as
suggested, you allow a third party (Paypal, Square, your bank) to do the
actual payment processing and at no point in time does your server ask for
(or handle) a credit card number, your life is much simpler.  If you develop a
web form that asks for a credit card number (even if you pass it back to the
bank for processing) you have to comply with more regulations.  You can choose
the path that makes the most sense by taking a look at the requirements at
https://www.pcisecuritystandards.org/.



Re: e-commerce framework suggestion? medoc?

2016-02-25 Thread Dave Anderson

On Thu, 25 Feb 2016, li...@wrant.com wrote:

> Wed, 24 Feb 2016 23:51:10 +0100 arrowscr...@mail.com
> > So, I'll probably use Ubercart. Thanks everyone.
> > The "Django" software seems good too 'Mariano', I'll read more on that.
> >
> > About the laws and regulations 'Dave', I will need to see that. Here
> > in my country we have all these regulations too. Thanks for the
> > advice.
>
> Don't fall for regulation scare talks, there should be no reason to
> put something outside local premises except payment processing which
> is a well developed monetary system service from banks etc.

Don't fall for "it's all a scare tactic" either.  Investigate, then make
your own decision based on whatever laws and regulations apply to you.
Good luck.

Dave

> Run your own systems, make sure you protect your clients' personal
> details, separate databases and storage layers, use sound security
> and encryption, and update your software regularly plus plan for
> disaster.  This includes dirty play from the competing parties which
> want to suck your data into their system with the "cloud" services.
>
> Web based software is multiple reliability nightmares yet running it
> internally with limited outside connectivity and reliable (static) web
> front end site is an option for control of this critical aspect.
>
> At that point you're as good as a personal self sustained service.



--
Dave Anderson




Re: e-commerce framework suggestion? medoc?

2016-02-25 Thread lists
Wed, 24 Feb 2016 23:51:10 +0100 arrowscr...@mail.com
> So, I'll probably use Ubercart. Thanks everyone.
> The "Django" software seems good too 'Mariano', I'll read more on that.
> 
> About the laws and regulations 'Dave', I will need to see that. Here
> in my country we have all these regulations too. Thanks for the
> advice.

Don't fall for regulation scare talks, there should be no reason to
put something outside local premises except payment processing which
is a well developed monetary system service from banks etc.

Run your own systems, make sure you protect your clients' personal
details, separate databases and storage layers, use sound security
and encryption, and update your software regularly plus plan for
disaster.  This includes dirty play from the competing parties which
want to suck your data into their system with the "cloud" services.

Web based software is multiple reliability nightmares yet running it
internally with limited outside connectivity and reliable (static) web
front end site is an option for control of this critical aspect.

At that point you're as good as a personal self sustained service.



Re: e-commerce framework suggestion? medoc?

2016-02-24 Thread arrowscript
So, I'll probably use Ubercart. Thanks everyone.
The "Django" software seems good too 'Mariano', I'll read more on that.

About the laws and regulations 'Dave', I will need to see that. Here in my 
country we have all these regulations too. Thanks for the advice.



Re: e-commerce framework suggestion? medoc?

2016-02-24 Thread Marc Espie
For the eshop part, you can use ubercart (drupal module). It should be
reasonably sound and maintained.



Re: e-commerce framework suggestion? medoc?

2016-02-24 Thread Dave Anderson

On Wed, 24 Feb 2016, arrowscr...@mail.com wrote:

> I'm currently deciding to do a "e-commerce" website. I noticed that
> OpenBSD Store use a software from medoc.com.
> If not medoc, do you guys have any other suggestion for e-commerce
> framework? It has to be open source, because I can't pay a service
> now (and I wouldn't trust them anyway). The idea is to be secure as
> possible (I know it's difficult with all this sql/php madness).
>
> I'll, of course, use httpd(8) on -stable.
>
> Regards.


Be _very_ careful about this. You don't say where you live or work, but 
(at least in the U.S.) a whole bunch of laws and regulations pop up to 
make your life miserable if you start dealing with credit card info, 
etc.  (I'm no expert on this, but am involved in an organization which 
uses a commercial e-commerce service to shield itself from all this and 
have overheard quite a bit of discussion on the subject.)  I'd strongly 
recommend that, before doing anything about this, you carefully 
investigate what your responsibilities and liabilities would be.


Dave

--
Dave Anderson




Re: e-commerce framework suggestion? medoc?

2016-02-24 Thread Mariano Baragiola

Django[0] is a popular choice nowadays. There's also DjangoCMS[1] which
is "easier" to use for less technical people. And don't forget to
examine as many ecommerce[2] modules as you want.

[0] http://www.djangoproject.com/
[1] http://www.django-cms.org/
[2] https://www.djangopackages.com/grids/g/ecommerce/



Re: e-commerce framework suggestion? medoc?

2016-02-24 Thread Marcus MERIGHI
arrowscr...@mail.com (arrowscr...@mail.com), 2016.02.24 (Wed) 07:15 (CET):
> I'm currently deciding to do a "e-commerce" website. I noticed that
> OpenBSD Store use a software from medoc.com. 
> If not medoc, do you guys have any other suggestion for e-commerce
> framework? It has to be open source, because I can't pay a service
> now (and I wouldn't trust them anyway). The idea is to be secure as
> possible (I know it's difficult with all this sql/php madness).
> I'll, of course, use httpd(8) on -stable.

What is in ports/packages...

$ pkg_add sqlports-compact
$ sqlite3 /usr/local/share/sqlports-compact "SELECT * from Descr \
where VALUE LIKE \"%e-commerce%\";"
8780|Ubercart is an e-commerce suite developed for Drupal. It has been
designed with the end user in mind, focusing on usability in three key
areas: store configuration, product and catalog creation, and order
administration. On the front end, all major systems are configurable and
integrate with the standard Drupal systems (node, taxonomy, user, etc.).
On the back end, the settings pages and order administration pages have
been designed with ease of use in mind.

Bye, Marcus
