AbanteCart Development > API Development

Extension Generator Usage?

<< < (2/2)

abantecart:
Our goal to get user experience with one button install process that is currently set up in the marketplace.
We try to coordinate with AlgoZone marketplace that all extension go there, but they require extensive QA. This is good in a way, but slows things down.

Nimitz1061:
It is also rather bad in other ways.

The auto updater and package installers pretty much require extensive write access be available to the web user account.  This will make hacked Abantecart sites very useful to bad guys. 

The automatic updater has no reliable way to know if a cart has already been modified -- and I'm seeing a whole lot of cases where the recommended modification approach is to change the original code.  Sometimes its as simple as inserting a hook somewhere, but it still going to be blown away by an automatic update.

Easy auto update = easy crash and burn.

Once installed, the only folders which allow writing should be those used for backups, media storage and temporary files.   Those folders should have an htaccess file which prevents execution of PHP code anywhere within them as well as indexing of the folder.  This approach stops many successful penetrations cold.  The cracker can place as many files as they want, they just can't benefit from them. 

I do quite a bit of cleanup work on sites hosted on other servers, including some of the best known names in the business.  I can generally trace most of the damage to this type of failure to layer the security. 

Another thing that is lost with this approach is internal experience with actually USING your own software.  Nothing says "This cart WORKS" like buying your updates from an installation of the same cart.....

Oh - package installation key ??  I don't see any mention of that anywhere...


David

Nimitz1061:
Ok - found that if I went to All Extensions it appeared in the list with 'not installed' status, and clicking the install button took me to a page which allowed assigning it to a store and turning it on or off.

If I went directly to the "Install Extensions" tool, it just demanded a key...

David

abantecart:
Key is used only with marketplace. For manual installations, there is no key needed

Navigation

[0] Message Index

[*] Previous page

Go to full version
Powered by SMFPacks Social Login Mod