It’s rare to see such complacent stupidity. Actually arguing against fixing this… wow…. I certainly will never use OpenCart.

I’m disabling comments here tomorrow (to give Daniel time to do his customary response )

No where do I say that Open Cart shouldn’t be used because of the insecurities; I said it shouldn’t be used because the developer, at the time, didn’t seem to know how to handle criticism and had straight out refused to fix known security issues. That’s the issue here.

Think of it another way; imagine if Toyota’s response to the Prius acceleration issue was to call people names all the while claiming that there was no issue and doing nothing about it. At the very least you’d be cautious about doing business with them. Exaggerated analogy, to be sure, but the idea is the same. Open Cart had an issue and they were notified and instead of fixing it they went on the offensive.

But, as Daniel himself was kind enough to point out, the issue has been fixed. So, while I’m not as reticent to use Open Cart as I once was, I’m still a long way off from recommending it (at least until I see some maturity out of the community).

To be honest, I’m a little annoyed at the straw men you’ve setup though. What does WordPress being insecure have to do with an online e-commerce solution that once had security holes that went unresolved because of personality issues with the lead developer? Who said that there’s software with no security issues and how did you make that connection between the article and the comments to make these conclusions?

Please… take your time. I’ll wait.

Eric

If you can’t communicate, then you should just write the code, and be done. Let developers that can communicate, pick up the code and explain it to people.

This is old news… lets just move on

For the price you pay for opencart, you get a very easy to use shopping cart. You also get access to a forum where you can find more resources to further extend your own store from templates, modules and complete overhauls. Sure it’s not at the oscommerce stage, but I invite people to look at other carts, then look at opencart and you’ll see how easy it is to use in comparison.
You will do things so much faster in Opencart & you’ll wonder how you got by without it.

I’m very new to OpenCart, so I’m hardly here to defend it, the lead developer, or the OC community. I *do* find it odd that there’s so much hub-bub over CSRF issue, yet you (the author) use WordPress, which is grossly insecure.

CSRF is nothing new, cPanel had it and didn’t see the issue as urgent, though they did eventually fix it. You’d have to be simultaneously logged into another site (banking, etc) and also be logged into the OC admin panel.

http://www.cpanel.net/2009/08/cpanel-security-update-csrf-cross-site-request-forgery.html

I don’t mean to be argumentative here, but I see the author and some of the commenters acting like OC is the first software to have bugs or issues, and that it’s somehow “unworthy” because of that. Truth is *all* software has bugs. If you don’t get that then come back when your voice changes. The true test of any software / open-source community is how the bugs / issues are dealt with.

Yes, IMO Daniel could have handled a lot of interactions a whole lot better. Honestly, that goes for roughly 80% of developers out there. Guess what? Lack of social skills is par for the course. Wish it were different, but it’s not. Welcome the the world of geeks. They suck at communication.

I dare anyone to find ANY software: commercial or open source, that’s never had a security issue. Please…take your time. I’ll wait.

A shopping cart must be a complex thing to pull off-even with a community effort of very bright minds.

Is the CSRF issue fixed now?

Thanks

Paul