Ecommerce in core

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

draxx wrote:

When is this downloadable? I'm confused by the main page?

I'm not sure what confuses you. The message on the front page explains the intent Smile

. Read it again, closely, and if you're still confused then let us know exactly what is causing your confusion.

Involved Joined: Nov 19, 2003 Posts: 282

Oh i've been comming here for years and usually when you click on that area you are taken to either the forum that supports the new version or Ive seen a demo site that supports the new version .... and its usually always about that version and I tried to click and click and click on something ... anything.... nothing clicked and so this caused me confusion.

Now I wouldent use me as a meter - Ive been comming here now what? 5 years? 6? ugh 7 ? and Im on what? 22 posts? Smile

I'm definately not the norm but I am a creature of habit Laughing

Posted: Tue Feb 10, 2009 9:45 am

Sorry for the confusion and thank you for the explanation. Just goes to prove that we really are creatures of habit Wink

Posted: Tue Feb 10, 2009 2:32 pm

just thought I would throw this out there... has anyone ever tried a PCI compliance scan on RN? I never have, and I realize many of the security issues in PCI are server/host related, but just curious if PCI compliance is even a possibility and/or is being considered.

Many payment gateways are starting to charge higher rates and/or penalties for non-compliance.

Involved Joined: Sep 15, 2008 Posts: 352

Compliance has nothing to to with RN but how your store your customer info. What module are you using to sell products?

Posted: Tue Feb 10, 2009 2:59 pm

Well the commercial sites I work on aren't currently running RN, just basic html. But I'll tell you first hand those PCI scans are intrusive and a pain in the.... donkey; it scans for software headers, finds directories with no indexes, and looks for software it considers to be insecure, and so on.

How you handle the data is only part of the equation, you also have to meet requirements for your server, website, data storage, and even the "terminals" you access info with.

P.S. Raven web hosting has been a blessing, not sure I could have achieved PCI compliance on another host, thanks again Raven Smile

Posted: Tue Feb 10, 2009 3:32 pm

I was under the impression you would only need a PCI scan if you accept credit cards. Therefore RN on it's own would not need a PCI scan and if the cart you are using uses Paypal, or similar, you are still not handling credit cards yourself and therefore no PCI scan required.

Personally I've never used a cart of any sort, so I could be wrong.

Posted: Tue Feb 10, 2009 3:34 pm

You must for talking about hacker safe now owned by (macafee), alertsite etc... We have a daily scan on our site. What are you using for PCI scans and what merchant account? I been doing this for over 10 years everyday and never heard of rates going up.

Sounds more like the economy is down so the rates are going up.

Posted: Tue Feb 10, 2009 3:49 pm

I've googled Calloway's Cart and gone over to the TGF site and looked at the sample pages for NOSCart which appears to be the latest version. It looks great but I have a question:

suppose what you want to sell requires a user registration form. Say for instance, name, address, phone number, maybe size of the item or one of a number of options for the item and maybe having them click on a legal release statement. Will the software have any capability for building the form through an admin screen, perhaps with built in PHP validation of the form fields after the form is submitted but before it goes off to Paypal?

Posted: Tue Feb 10, 2009 3:58 pm

jakec wrote:

I was under the impression you would only need a PCI scan if you accept credit cards. Therefore RN on it's own would not need a PCI scan and if the cart you are using uses Paypal, or similar, you are still not handling credit cards yourself and therefore no PCI scan required.

Personally I've never used a cart of any sort, so I could be wrong.

yes, you are correct. If you use a service such as paypal then you wont need to worry about pci, at least not at this point in time...

alien73 wrote:

You must for talking about hacker safe now owned by (macafee), alertsite etc... We have a daily scan on our site. What are you using for PCI scans and what merchant account? I been doing this for over 10 years everyday and never heard of rates going up.

Sounds more like the economy is down so the rates are going up.

well payment gateways are authorize.net and/or rt-ware, I think one may have bought the other, can't remember. I think the penalty for non pci compliance was in the neighborhood of $19.99mo. USD for a small business in our revenue range.

and yes it was scanalert now mcafeesecure, and I'm pretty sure the criteria for meeting hacker-safe is harder than pci compliance, so if your meeting those standards, PCI should be no problem Smile

and rates always seem to go up, do they need a reason, lol ?

Posted: Tue Feb 10, 2009 4:18 pm

fkelly,

Not sure what your talking about.. We use a reg form or you can checkout without it.

spasticdonkey,

Sorry still never heard of what your talking about. Basically your saying if they find a security hole they charge you more????? Shouldn't they just drop a site altogether that is unsafe then require the site to be complicate before even having an account?

Posted: Tue Feb 10, 2009 4:31 pm

Well it's usually nit-picky things, and 9 times out of 10 they are just misreading software headers and think old versions of something is running. I certainly wouldnt want to be "dropped altogether" everytime that happens. While keeping up with PCI can be a pain, website security is obviously an ongoing effort, and just because your site is as secure as possible today, doesn't mean it will be next week... So in a way I understand the ongoing maintenance and hassles required.

What our gateway requires is that you have an approved pci scanning vendor, and that you prove compliance every 3 months, or get charged the additional fee. Don't be surprised if most other payment gateways outside of paypal have similar policies within the next year or so.

Posted: Tue Feb 10, 2009 6:02 pm

spasticdonkey wrote:

Well the commercial sites I work on aren't currently running RN, just basic html. But I'll tell you first hand those PCI scans are intrusive and a pain in the.... donkey; it scans for software headers, finds directories with no indexes, and looks for software it considers to be insecure, and so on.

How you handle the data is only part of the equation, you also have to meet requirements for your server, website, data storage, and even the "terminals" you access info with.

P.S. Raven web hosting has been a blessing, not sure I could have achieved PCI compliance on another host, thanks again Raven Smile

It's only because we manage most everything with our servers that we have been able to work out the issues that the PCI scans have raised. Newer releases of software are not always better and I can remember in at least one instance we had to say "no" to the PCI guys because the software upgrade broke so much software on the server. It seems we compromised on a version that just fixed the issue that gave them a knot in their undies Wink

Posted: Tue Feb 10, 2009 8:02 pm

Quote:

Not sure what your talking about.. We use a reg form or you can checkout without it.

Sorry Alien, I wasn't clear. I assume that in your system there is an admin screen to define items to be sold. You would put some descriptive text, a price or prices, and perhaps an image of that item. Now, suppose what you were trying to sell was say, registration for an event. Suppose that event had options within it (say bike rides of 25, 50 and 100 miles for example). Suppose you had to collect non-standard "registration" data such as license plate numbers. Do the admin screens provide a facility for doing this and how is validation of the data upon submission handled. On a more general level does it have some type of form builder so that options for any item to be sold can be collected and passed on to the next stage in the purchase process.

Posted: Tue Feb 10, 2009 8:39 pm

It has the full store front, digital downloads feature and you can also do basic events. For example make a category called events and list products as events. It has a full fledged attributes feature on the back end so you can add any number of options to a product. The only thing it needs is extra text fields so customers can add things like licence plate numbers etc... It has a comments box for any comments to be attached to an order so really all I would need to do is add another box controllable from admin on/off for example.

Regular Joined: Aug 06, 2008 Posts: 65

Hi everyone! I am very happy to hear that a eCommerce for Raven Nuke is being made! I definately need this, and hope for tight security!

I read on the frontpage that there are some security fixes for the new raven nuke. Are these fixes only for the new raven nuke, or is there something I need? I am running Ravennuke 2.20.01.

Thanks for your time.

Posted: Thu Feb 12, 2009 7:24 pm

It's for the new so I would upgrade ASAP to stay up to date with security.

Posted: Thu Feb 12, 2009 7:30 pm

I can say it will have most the major ones including Paypal WPP. speedtype

Posted: Thu Feb 12, 2009 8:31 pm

Alien,
Will this new "Goody" have the ability to controll "NSNGroups"?

Dawg

Posted: Thu Feb 12, 2009 9:26 pm

Just to address selectric's post a few back ... at this point I would recommend waiting for the announcement of RN 2.30.01 and then upgrading to that. RN2.30 was a big step up from 2.20 but 2.30.01 will incorporate additional security fixes as well as a few functional improvements.

You will be able to read the changelogs and decide for yourself.

Posted: Thu Feb 12, 2009 11:33 pm

Dawg,

Well see what everyone on the team decides and everyone else input.

I would imagine though that each group can have a different price structure or maybe only see certain products.

Posted: Fri Feb 13, 2009 5:14 am

Alien,
I was going the other way with it....Subscriptions to belong to a "Group". So if they purchase X they belong to Group Y.

Thank you for your time on this prooject.

Dave

Posted: Fri Feb 13, 2009 5:55 am

Dawg wrote:

Alien,
I was going the other way with it....Subscriptions to belong to a "Group". So if they purchase X they belong to Group Y.

Thats really a subscription based required and shouldn't have anything to do with eCommerce except that you might be able to 'sell' subscriptions to through the Shop.
If that it likely to happen then I can stop the many weeks of work I have already put into something for that.

Posted: Fri Feb 13, 2009 7:04 am

I'm sure this feature will be added down the road at some point. No plans yet though.

Posted: Wed Jul 22, 2009 1:10 pm

Just wondering how the RavenNuke Merchant was coming. Haven't heard anything lately.