wfitg

Members
  • Posts: 205
  • Days Won: 2

Posts posted by wfitg

  1. If you received an email like this, ignore it. The email contains an encoded admin_login.php file. DO NOT UPLOAD IT TO YOUR SERVER.

    It takes balls to sign your name to their scam. heh...

    I am glad that we have to log in to our blesta account to get patches, betas and new versions. This keeps them safer.

  2. Resell.biz is a logicbox platform.

    And it works. For more functions, use my custom logicbox reloaded.

    I don't want to delete the original logicboxes module. I want to have a second module just for premium names. Is that possible? To add your version I have to delete the original version.

  3. I don't think any current gateway implementations can allow credit card reuse without storing the data yourself (tokenised storage).

     

    You should do some research into the PCI-DSS standard - if you transmit or store credit card data you will be required to fill out a PCI-DSS SAQ D form. Even if you are only redirecting to a third party like PayPal which accepts the credit card details you are still supposed to fill out an SAQ A-EP form but I think most gateways won't require that. Have a read of this document: https://www.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf

     

    This is a good checklist with all the details of each requirement: https://www.pcisecuritystandards.org/documents/Prioritized_Approach_v3.xlsx

    Thanks FF

    I'll read through this too.

  4. Only need C if you transmit but do not store.

     

    If you want to store card holder data, you do need D, and note that it has all kinds of extra requirements the typical Blesta user does not meet.

    Like that your database server must be on a private network, and that the software should only access the database through stored procedures and not be allowed to perform direct queries.

    I read through "D". Much to do.

  5. Only need C if you transmit but do not store.

     

    If you want to store card holder data, you do need D, and note that it has all kinds of extra requirements the typical Blesta user does not meet.

    Like that your database server must be on a private network, and that the software should only access the database through stored procedures and not be allowed to perform direct queries.

  6. I want to take credit cards on my site. However, I have no experience with any of the gateway providers.

    Some of them seem quite expensive. Others not expensive at all. I have seen "Stripe" mentioned here.

    Can anyone suggest the best ones to look at?

    I need one that is:

    1) affordable, since I am just starting this business

    2) secure

    3) reliable

    I'm also not sure how the storage works. I would rather not store credit card information, but still want the data available so customers do not have to enter it each time they pay. Is that possible?

  7. This would really work both ways though. If this route was adopted you're going to see hundreds if not thousands of these little 'addons' over time for every little feature that it'll become a pain.

     

    I think Paul and his guys know the fine line between a useful feature and what can be kept out so we shouldn't have to worry, hopefully :).

    First, I have all confidence in "Paul and his guys" else I would not have purchased Blesta or bothered to be involved on the forum.

    Second, I respectfully disagree. I do not think plugins would be a pain. The "plugin" idea is successfully used in everything from Apache web servers to blogs like Wordpress, and everything between. Wordpress has "hundreds if not thousands of these little 'addons'" and they are easily managed using a repository. Simply download the one you want or need to use it. Deactivate it and delete it when the feature is no longer needed.

    The only problem I see using a plugin is when the author of the plugin stops maintaining it. Blesta goes through their normal version update and suddenly the plugin is no longer compatible, or worse, causes a security hole.

  8. The OP seems to place 100% faith in 'on-line' web scanners. Many of them don't scan beyond the first page. Plus, their job is to scan for things that they sell. For instance, Sucuri scans every site for a firewall. If it is missing they try to sell it to you. 

    To truly discover if a site has an infection or vulnerability use something like 'Fiddler Web debugger'. Fiddler will even decrypt the traffic.

    It may be the OP that is the rookie. :)

  9. I suppose it's down to common sense. SSN / EIN in USA is yours, in UK it's NI Number.

    It is a matter of common sense. So we agree.

    But as I have said in the past, it is always best to keep things as clear as possible for the website user. Leave no doubt in their mind regarding "click here" or "Fill this out" or using a clear description on a form. Doing this can cut down on support calls and needless emails.

  10. The OP's approach is more or less what we're already working toward. This is the reason we have extensions. For instance, the Order plugin is not a part of the core, although we currently ship it with Blesta by default. Likewise, gateways and modules are not a part of the core either.

     

    However, there is still going to be a need for core features to some degree. Currently, there are several still pending, such as the ability to merge clients. Many other features, like a mass mailer, are better suited as plugins. We still need to expand on the event system in Blesta to allow for extensions to perform more actions.

     

    There's always going to be some users that need custom feature X, or want feature Y to be changed slightly to work better for their business. But we don't intend to add or change core features that only 1% of users will use. Plugins are better suited in those cases. In the future, you will probably see a decrease in core features, and an increase in extensions.

    Ok, you are already on that path toward having simple features being added as a plugin. That was what I was suggesting. And I had no idea Blesta was so young. I mean, I knew it was still being developed to a degree, but I did not know to what degree or exactly how young.

    My main point was to keep Blesta trim and fit. That is why I decided to use it. Many of the features we read about here on the forum, IMHO, are best added to Blesta as a plugin and not part of the core. These would be additional features that your clients use to tailor Blesta for their individual use.

    The vQmod sounds like a good idea to make these small (but critical to have for some people) features, if it does not disrupt Blesta's security.
