  #5  
05-11-2010, 11:23 AM
Asiaplay

X-Wizard
  
Join Date: Oct 2005
Posts: 1,242
 

Re: MODS.X-CART.COM - PAID or FREE Wordpress integration mod - which is the best?

@xim,

Thanks for your feedback and clarification.
Yes, it seems you are right (I wasn't clear that the blog posters were using the same login as X-Cart customers in order to post).
I guess for us, limiting it to only signed up X-Cart customers is probably not great (as we allow anonymous checkout) and therefore a good % of our customers / potential blog comments can come from unregistered customers.
So perhaps a better approach for us is to use "captcha" to avoid robot comments... and either excluding or "no follow" of HTML comments (as Google does not count "no follow" links as spam apparently)?

@Ene,

Thanks for your reply - happy to get some feedback from you as well.

My understanding, after talking to some WordPress friends, is as follows (I would appreciate some clarification):

a) Load Speed / performance
That this will be a very, very small load on the server we use and basically un-noticeable time difference for customers.

b) Security
This point concerned me more (as security is always an important issue), so I discussed this point in more detail with the WordPress guys.
My understanding is that for there to be any "risk", a hack file would have to be preinstalled on the server, and within the "wordpress" blog directory.
i.e. injection is not possible (but the execution of a preinstalled file using something like "domain.com/blog.php?incl_file=hack.js" would be possible).
Also that, using the GET operator, only limited file types can be included, i.e. js/css/gif/png/jpg/html (not php etc.)

However, the same guys informed me that the way the X-Cart mod is done, it really is the same risk level (except that basically any file could be included),
i.e. the hacking file would also need to be preinstalled and could be executed using something like http://mods.x-cart.com/wp/hack.php
Therefore in both ways this integration mod has been done, ONLY if a preinstalled hacking file is installed in the "wordpress" directory, on the server, then it could be executed (and there be any risk).

c) Clean URLs
We use "Clean URLs" e.g. mydomain.com/my-keyword-url/ (i.e. not only links using parameters e.g. mydomain.com/blog.php?p=3)
One of my WordPress friends notes that they are allowed for the Free Mod and asked me to check that they are also allowed for the X-Cart mod.
I guess they are - but can you please confirm?


Thanks again for comments and cheers, Asiaplay
__________________
X-Cart Gold version 4.1.9
(plus built in X-Cart bugs!)
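An added example, not part of the original post and not code from either integration mod: one way a handler for the `incl_file` parameter mentioned under (b) could restrict requests to the listed static file types and to files inside the blog directory, and send them with `readfile()` rather than including them. The names `resolve_incl_file` and `ALLOWED_TYPES`, the `wp` directory and the MIME map are assumptions made for illustration.

```php
<?php
// Added example. resolve_incl_file(), ALLOWED_TYPES and the 'wp' directory
// are assumed names for illustration, not taken from either mod.
const ALLOWED_TYPES = [
    'js'   => 'application/javascript',
    'css'  => 'text/css',
    'gif'  => 'image/gif',
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'html' => 'text/html',
];

function resolve_incl_file(string $requested, string $baseDir): ?array
{
    // Reject empty values, NUL bytes and scheme prefixes (http://, php://, data:).
    if ($requested === '' || strpos($requested, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.\-]*:#i', $requested)) {
        return null;
    }
    // Canonicalise both paths so "../" segments and symlinks are resolved first.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // The resolved file must sit inside the blog directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Check the extension of the resolved file, not of the request string,
    // so a symlink named x.js that points at a .php file is refused.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return null;
    }
    return ['path' => $path, 'type' => ALLOWED_TYPES[$ext]];
}

$req = $_GET['incl_file'] ?? null;
if ($req !== null) {
    $file = is_string($req) ? resolve_incl_file($req, __DIR__ . '/wp') : null;
    if ($file === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: ' . $file['type']);
    header('X-Content-Type-Options: nosniff');
    readfile($file['path']); // bytes are sent as-is; never include/require
}
```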