Newbie - Understanding dangers of adding contributionscontributions
Posted 20 June 2012 - 15:38
I am very unfamiliar with OSCommerce and have been using a developer to assist. I have found many "off the shelf" contributions for some of my needs - Google Data Feed (MagneticOne has a product they can install). I like this idea because my developer tends to use free contributions or develops his own and I tend to lean towards "off the shelf" products traditionally for stability reasons. As I don't understand how / where the contributions that are free come from it seems to me that I may come out better off using "off the shelf".
My concern is that if I use a third party company with their own product and installation are there serious dangers with security or current solution stability for something like a Data Feed generator?
I may not be asking the question correctly but I do not feel comfortable staying ignorant to OSCommerce when my business depends on it.
I am technical except for the important skill-sets of PHP and OSCommerce...
Posted 20 June 2012 - 15:46
The problem with some (not all) commercially available stuff is that it is encoded or subject to limitations. Take the basic example of a template; the latest one I looked at included .js files served from the template makers site (I won't post the template makers URL here, save to say it is a "monstrous" maker of templates. What happens if that .js file gets infected by malware - every site running the template is automatically blacklisted...
In short, it's my belief that any shop owner is better off by trusting their programmer to do the right job, whether he is selecting to use addons, commercial stuff or his own code.
This is a signature that appears on all my posts. It is not specifically aimed at you.
Posted 20 June 2012 - 15:54
osCommerce it self is also such a free contribution after all
Main point is, you trust the person who modify your files and has access to everything. As Burt just said (was faster in typing), most developers use their own solutions. They may be based on some free addons or not, but that is what the developer trust him self and stand for
The commercial solutions: Just the fact that you pay for mean nothing. There are free addons far better than anything you could buy. Well yes, the bitter truth is, that the majority of the addons are not good, the biggest part are just custom modifications called an "addon". Many people try to improve them and just add their own wrong coding on top of the already existing.
Exactly same can happen with commercial addons, I've seen a commercial version of a free addon, that has exactly the same mistakes as the free version.
All in all, it's all about the relation wit your developer
Posted 20 June 2012 - 15:56
Take the basic example of a template; the latest one I looked at included .js files served from the template makers site
That looks like a way to track who is using their templates.
Posted 20 June 2012 - 17:06
Assuming you're actually on 2.3.1, whether a contribution (add-on) is free or commercial has nothing to do with its quality or reliability. There are some very good free ones with solid code from experienced and reliable programmers, and there are some commercial ones that are pieces of crap, bug-riddled and untrustworthy and overpriced for what you get. And vice-versa. You have to rely on the reputation of whoever wrote the code, how up to date it is, and how comfortable you or your programmer are in understanding it thoroughly. Note that many commercial products are based on quite old code bases (templates are often 2.2MS2) because it costs money to update them. Free add-ons may not have been touched in years. It's up to whoever is installing them to understand where (and when) they come from, and judge their quality.