eCommerce web-server that stores personal data remotely? - webserver

I'm looking for an eCommerce web-server/cart solution that doesn't store personal data such as login, passwords, payment information locally. Instead it should store it on a remote server that couldn't be accessed in case of a security breach.
I know it might be the wrong place to ask such a question, but honestly I can't think of a better one.

Depending on your requirements, Stripe for payment information or Moltin for cart/orders might be worth looking into. Not sure if these fit exactly what you are looking for though.

Related

Am I Being Hacked by Redirection?

I don't really know how to explain this, so bear with me. But our Facebook pixel detected traffic from another domain. We only have one domain. We went to see what other domain it could possibly be referencing. It turns out, this other domain was a carbon copy of our site. The only thing that was different was the web address. Does anyone have a clue what is going on? It's as though someone is retargeting our customers to a mirrored website.
We tested the foreign site by placing an order using store credit given to ourselves on the backend of our site. The order went through and instead of showing the order was placed in the US, it said it was placed in Turkey.
This is over my head and I have no clue where to start solving this issue.
I've actually seen this happen to someone else before. I'm not sure what the motive behind doing something like this is - but if the orders from the cloned store are being paid to your gateway, then the upside is that you're not losing money over it. However, I do believe that the intent is somewhat malicious.
The most logical reason I have been able to come up with is that if your store has high amounts of traffic, is well known, and has a good SEO rating, the people that are cloning your store are trying to "SEO-Hijack" you in a sense. Essentially piggybacking off of your site because of the SEO ratings it already has in order to boost their own and potentially turn it into a separate store/website later.
This isn't necessarily something that can be fixed by BigCommerce since the copy of your store isn't on the platform whatsoever, since they are essentially just piggybacking off of your SEO rating. The best option here would be to do a domain WHOIS lookup for their domain and report it as fraud to their registrar as an attempt to get legal action to be taken or a cease & desist.
Sorry that this is happening to you!
Here's a helpful explanation that I was able to find and a helpful blog post on how to prevent it and the steps to take.
Oh no, I'm sorry to hear about this! As blurfus suggested above -- Please contact the BigCommerce Support team to report this as soon as you can. You can find their contact information here: https://support.bigcommerce.com/s/#contact

Does Dialogflow (Google) collect and store the input data?

I'm considering using Dialogflow in my company but I am not fully convinced about security issues. Does anyone of you know if Google stores any input data that comes from users? In particular, any sensitive personal data?
Thank you in advance!
Best,
Marcin
Nothing like this is mentioned anywhere. To be entirely safe though, I'd suggest having a look at the Dialogflow Enterprise version. It's under the GCP so all the data are certainly safe and private.
To prevent sensitive personal data being stored, you can disable interaction logging entirely within your Dialogflow agent's settings. See Interaction logging.

Host at Facebook to avoid traffic or other possibilities?

Is it possible to let my own Facebook apps (not generating revenue) be hosted by Facebook?
The problem is that by using the iframe-version the traffic/requests are killing the server :-(
But I need to connect to a database and print/calculate values, so I think there is no other way than hosting everything on my own servers. But maybe there are things I don't know.
What is the way you would go?
I don't think Facebook has an option to host apps, at least not that I've ever heard of or was quickly able to find on their developers site.
Honestly, when it comes to hosting a high-demand website, there's no free way to do it. Resources cost money. You can pick from tons of hosting providers and see who gives you the features you need at the best rate. Maybe some will offer free hosting if you include ads in the Facebook app, maybe some will offer free hosting for other means, etc.
For a non-revenue-generating app, when it becomes popular and successful and requires real resources to keep it running, it's generally time to start thinking about how to generate revenue from it. Maybe use it as a free gateway app to other revenue-generating apps (a loss leader), maybe have ads, maybe use it to generate useful marketing data, etc. For a successful site it may involve a good bit of personal investment and risk before the profits roll in (Facebook being a good, though extreme and uncommon example of this).
You have to host the application on your own, there's no way that FB does it for you.

Creating a Secure iPhone Web Data Source

I've searched the web for this bit to no avail - I hope someone can point me in the right direction. I'm happy to look things up, but it's knowing where to start.
I am creating an iPhone app which takes content updates from a webserver and will also push feedback there. Whilst the content is obviously available via the app, I don't want the source address to be discovered and published by some unhelpful person so that it all becomes freely available.
I'm therefore looking at placing it in a MySQL database and possibly writing some PHP routines to provide access to my http(s) requests. That's all pretty new to me but I can probably do it. However, I'm not sure where to start with the security question. Something simple and straightforward would be great. Also, any guidance on whether to stick with the XML parser I currently have or to switch to JSON would be much appreciated.
The content consists of straightforward data but also html and images.
Doing exactly what you want (prevent users of 'unauthorized' apps from getting access to this data) is rather difficult because at the end of the day, any access codes and/or URLs will be stored in your app for someone to dig up and exploit.
If you can, consider authenticating against the USER not the App. So that even if there is a 3rd party app created that can access this data from wherever you store it, you can still disable it on a per-user basis.
Like everything in the field of Information Security, you have to consider the cost-benefit. You need to weigh up the value of your data vs. the cost of your security both in terms of actual development cost and the cost of protecting it as well as the cost of inconveniencing users to the point that you can't sell your data at all.
Good luck!
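
The per-user approach suggested in the answer above, sketched as an added example (not code from the original thread): after login the server issues each user a signed, expiring token and keeps a revocation set, so one account can be cut off without changing the app. It is written in Python rather than the PHP the asker planned, and every name here (`SERVER_KEY`, `issue_token`, `check_token`, `revoke_user`) is an illustrative assumption.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)  # lives only on the server, never in the app
REVOKED_USERS = set()                 # per-user kill switch (a DB table in practice)


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id: str, ttl: int = 3600, now: Optional[float] = None) -> str:
    """Call after the user has logged in; binds the token to user and expiry."""
    if "|" in user_id:
        raise ValueError("user_id must not contain the field separator")
    issued = time.time() if now is None else now
    payload = f"{user_id}|{int(issued + ttl)}"
    return f"{payload}|{_sign(payload)}"


def check_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id for an authentic, unexpired, non-revoked token."""
    parts = token.split("|")
    if len(parts) != 3:
        return None
    user_id, expires, sig = parts
    expected = _sign(f"{user_id}|{expires}")
    # Constant-time comparison; verify the signature before trusting any field.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    current = time.time() if now is None else now
    if int(expires) < current:
        return None
    if user_id in REVOKED_USERS:
        return None
    return user_id


def revoke_user(user_id: str) -> None:
    """Disable one account; every token already issued to it stops working."""
    REVOKED_USERS.add(user_id)
```

A token lifted out of one device only exposes that user's account, which the server can then revoke; nothing secret is compiled into the app itself.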

Secure information contained on iPhone SQLite DB

I am working on an iPhone app that uses Core Data (with SQLite) to store some sensitive biographical data that is downloaded via a RESTful web service for offline use on the device.
I am worried that the competition could pay a subscription and extract the .sql file via SSH with a jailbroken device, and make copies of the data that has taken us so long to collect and maintain, and is the foundation of the service.
I was wondering if someone could suggest a way to make it more complicated for them to extract this data. I also store some HTML files with sensitive information in the Resources group that I would like to make harder to extract.
Thanks,
Security by obfuscation almost never works.
You should properly licence your application instead of trying to do this sort of thing. If someone really wants to have access to your sensitive data they will surely find a way to do it.
I would point out that under American and EU law, you can copyright a database i.e. a specific collection and/or order of information, even if the individual units of data exist in the public domain.
It's just like an encyclopedia. An encyclopedia is a collection of facts that belong to no one but the collection of facts constitute something that is copyrightable.
Copyright is the only possible protection against someone who buys access to the data in the software.
You could encrypt the data before you write it to the DB. Note that using encryption may have implications for selling your app in different countries around the world. This thread might be helpful to you.
The problem with a jailbroken device is that the attacker has more control than you do. There is no place where you can hide information, most importantly encryption keys.
There is nothing keeping your competition from stealing this data if they want to obtain it. You are looking for security through obscurity, and you are wasting your time. Consider a different business model.