Issue #19: January 6, 2003

6th January 2003 by Harald Ponce de Leon

By Harald Ponce de Leon

January 6, 2003

Enjoy The New Year
Privacy Issue With Sessions
Propose Contributions
New Tips and Tricks Forum Channel

Enjoy The New Year

2002 was a great year for osCommerce in regard to internal issues. Unfortunately the ever-mighty 2.2 release has yet to be finalized and is still in the development process.

With the Milestone path set on the Workboard, the first Milestone release is set to be released sometime this month.

This will make this year a terrific year for the project when the 2.2 release is finally declared ready, and we eagerly await the opportunities that arise once the hard work from both the project developers and the community has been publicly presented.

Privacy Issue With Sessions

Discussions have been in progress relating to the security and privacy issues involved with the session ID generated for each customer.

A great paper concerning the issue has been linked to on a forum post, and has sparked the interest of implementing a USE_COOKIES feature for the session ID which is enabled by default.

Although this playing a small part in an overal security-awareness proposal, it prevents the customers session on a store from being "entered into" when the customer has posted a url link from the online store containing their session ID.

This would ofcourse mean that customers may only perform secure actions (creating an account, logging on, or checking out) when their browsers are set to accept cookies.

As compatibility is a key issue for osCommerce, we think this precaution of enabling such a USE_COOKIES feature by default to be in the best interest of customers in regard to security and privacy, and leave it up to the store owner if they wish to respect this by leaving it enabled or by not worrying about the issue and disabling it manually.

The discussion, which is currently 13 pages long, can be read at:

Propose Contributions

A call for contribution proposals has been made, where contributions can be proposed to be integrated into the CVS development codebase and become a standard project feature.

Depending on the contribution, most contributions that are accepted will be implemented at the end of the Milestone path when the current feature set has been finalized.

The call can be read at:

New Tips and Tricks Forum Channel

A new Tips and Tricks forum channel has been created to provide guides which store owners can follow.

The new forum channel can be reached at:

Those following the forums via the Gmane News Server synchronization service will be happy to find the new forum channel existing in the news server channel subscription list. A refresh of the subscription list may be required in order to subscribe to it.

[Please note, the Tips and Tricks forum channel link has been updated to the correct link.]

Zurück zu den Nachrichten