

Newbie - Understanding dangers of adding contributions



#1   Curtis.Williams

  • Members
  • 1 posts

Posted 20 June 2012 - 15:38


I am very unfamiliar with OSCommerce and have been using a developer to assist. I have found many "off the shelf" contributions for some of my needs - Google Data Feed (MagneticOne has a product they can install). I like this idea because my developer tends to use free contributions or develops his own and I tend to lean towards "off the shelf" products traditionally for stability reasons. As I don't understand how / where the contributions that are free come from, it seems to me that I may come out better off using "off the shelf".

My concern is that if I use a third party company with their own product and installation, are there serious dangers with security or current solution stability for something like a Data Feed generator?

I may not be asking the question correctly but I do not feel comfortable staying ignorant to OSCommerce when my business depends on it.

I am technical except for the important skill-sets of PHP and OSCommerce...

#2   burt


    I drink and I know things

  • Community Team
  • 11,868 posts

Posted 20 June 2012 - 15:46

A good developer will use mainly his own creations...certainly avoiding 90% of the available add-ons and probably 99% of commercially available scripts.

The problem with some (not all) commercially available stuff is that it is encoded or subject to limitations. Take the basic example of a template; the latest one I looked at included .js files served from the template maker's site (I won't post the template maker's URL here, save to say it is a "monstrous" maker of templates). What happens if that .js file gets infected by malware? Every site running the template is automatically blacklisted...

In short, it's my belief that any shop owner is better off by trusting their programmer to do the right job, whether he is selecting to use addons, commercial stuff or his own code.

This is a signature that appears on all my posts.  It is not specifically aimed at you.


IF YOU MAKE A POST REQUESTING HELP...please state the exact version of osCommerce that you are using. THANKS
If you are still on the old style osCommerce, it is time to move to Responsive.
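
The remote-script risk raised in post #2 can be checked mechanically. The following is an added example, not part of any post in this thread: a Python audit that lists `<script>` tags fetching from hosts other than the shop's own and records whether each carries a Subresource Integrity `integrity` attribute (a browser mechanism the thread does not mention). The host names and the sample template are constructed placeholders.

```python
import os
import re
from urllib.parse import urlsplit

# Opening <script> tag; quoted attribute values may contain '>' (e.g. "<?php ... ?>").
SCRIPT_TAG = re.compile(r"""<script\b(?:[^>"']|"[^"]*"|'[^']*')*>""", re.I)
SRC_ATTR = re.compile(r"""(?<![\w-])src\s*=\s*(["'])(.*?)\1""", re.I | re.S)
INTEGRITY_ATTR = re.compile(r"""(?<![\w-])integrity\s*=\s*["'][^"']+["']""", re.I)

def external_scripts(markup, own_hosts):
    """Return one finding per <script src=...> fetched from a host not in own_hosts."""
    findings = []
    for tag in SCRIPT_TAG.findall(markup):
        src = SRC_ATTR.search(tag)
        if not src:
            continue  # inline script: nothing is fetched
        url = src.group(2).strip()
        host = urlsplit(url).hostname  # None for relative paths
        if host is None or host in own_hosts:
            continue
        findings.append({"host": host, "url": url,
                         "pinned": bool(INTEGRITY_ATTR.search(tag))})
    return findings

def audit_tree(root, own_hosts, exts=(".php", ".html", ".htm", ".tpl")):
    """Walk a shop or template directory and yield (path, finding) pairs."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for finding in external_scripts(fh.read(), own_hosts):
                        yield path, finding

# Constructed sample template; every host name below is a placeholder.
SAMPLE_TEMPLATE = """
<head>
<script type="text/javascript" src="ext/jquery/jquery-1.4.2.min.js"></script>
<script src="<?php echo $base; ?>includes/general.js"></script>
<script src="http://templates.vendor.example/js/menu.js"></script>
<script src="//cdn.vendor.example/slider.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://shop.example/ext/own.js"></script>
<script>var inline = 1;</script>
</head>
"""

if __name__ == "__main__":
    for f in external_scripts(SAMPLE_TEMPLATE, {"shop.example"}):
        print(f["host"], f["url"], "pinned" if f["pinned"] else "NOT pinned")
```

Script URLs assembled entirely by PHP at run time are treated as local paths here, so a review of the rendered page source is still needed for those.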


#3   multimixer


    Lemons or Melons ?

  • Partner
  • 4,744 posts

Posted 20 June 2012 - 15:54

Well, same as the free addons, where you don't know where they come from, you would also not know where the opinions about your concern come from.

osCommerce itself is also such a free contribution after all.

Main point is, you trust the person who modifies your files and has access to everything. As Burt just said (was faster in typing), most developers use their own solutions. They may be based on some free addons or not, but that is what the developer trusts himself and stands for.

The commercial solutions: Just the fact that you pay means nothing. There are free addons far better than anything you could buy. Well yes, the bitter truth is that the majority of the addons are not good; the biggest part are just custom modifications called an "addon". Many people try to improve them and just add their own wrong coding on top of the already existing.

Exactly the same can happen with commercial addons; I've seen a commercial version of a free addon that has exactly the same mistakes as the free version.

All in all, it's all about the relation with your developer.

#4   multimixer


    Lemons or Melons ?

  • Partner
  • 4,744 posts

Posted 20 June 2012 - 15:56

Take the basic example of a template; the latest one I looked at included .js files served from the template maker's site

That looks like a way to track who is using their templates.

#5   MrPhil

  • Members
  • 6,458 posts

Posted 20 June 2012 - 17:06

You should not be using osC 3.x. It is for development only, and should only be touched by experienced coders participating in its development!

Assuming you're actually on 2.3.1, whether a contribution (add-on) is free or commercial has nothing to do with its quality or reliability. There are some very good free ones with solid code from experienced and reliable programmers, and there are some commercial ones that are pieces of crap, bug-riddled and untrustworthy and overpriced for what you get. And vice-versa. You have to rely on the reputation of whoever wrote the code, how up to date it is, and how comfortable you or your programmer are in understanding it thoroughly. Note that many commercial products are based on quite old code bases (templates are often 2.2MS2) because it costs money to update them. Free add-ons may not have been touched in years. It's up to whoever is installing them to understand where (and when) they come from, and judge their quality.