Visitor changing "add to cart" query string?

salsal Member
in Help edited October 2007
Sorry if this is the stupidest question out, but what's stopping a visitor from simply changing query string values (make price lower using firebug for example) before "clicking add to cart". Sure orders need to be manually processed by a real person but I was under the impression this is where the datafeed came in somehow as well.
Comments
  • brettbrett FoxyCart Team
    Hi Sal.
    Not a stupid question at all. Currently there's nothing to stop price spoofing, but we do have some (server side) encryption methods coming that'll prevent this from happening. If you're interested in where we're going with this let me know. It'll be a pretty easy method to encrypt all the product options on your end, so there's still no duplication of data anywhere.

    For the time being, it's obviously something that'd need to be monitored, though you could automate this to some extent with the XML datafeed. This is what we recommend if you're using the XML for subscriptions and such.

    Also worth noting that downloadable products have the prices set in the admin, since the delivery is immediate.

    It hasn't been a huge concern, though it's definitely on the radar, and we do have something in the works to make things much more tamper-proof.
Sign In or Register to comment.