[ic] Providing an Insecure Checkout

Jim Balcom interchange-users@interchange.redhat.com
Fri Sep 7 19:06:00 2001


I am finding that a LOT of the implementations of Internet Explorer
have either NO security built-in, or it is pee-poor! As a result (since
I have my SSL set at 128 bit) I keep getting phone calls (and emails)
that my web page is broken. 

After I express my appreciation of Bill Gates to them, they upgrade
their browser and the order comes in.

However, I have a big announcement on the front page of the store about
this, as well as a blurb in 'basket.html' to 'click here' if the check
out page isn't working, which explains it. This is all pretty much
ignored, and I get stupid questions.

I know of at least one repeat customer that I have lost because he is
not interested in upgrading his browser so he can be assured of better
security. (I did the upgrade once, it took all of 5 minutes, and at no
charge!)

Today, in playing around I found this interesting piece of code, which
I have put in 'basket.html'. They are fully warned that this is totally
insecure and they are accepting a risk by clicking on it.

If you want to provide your customers with an insecure checkout here is
the code to do it:

<FORM METHOD="post" ACTION="http://www.mydomain.com/cgi-bin/storename/process.html">
<input type=hidden NAME=mv_todo VALUE=return>
<input type=hidden NAME=mv_nextpage VALUE="ord/checkout">
<input type=submit NAME=mv_click VALUE="Go to non-secure checkout">
</form>

(NOTE 1: This is from 4.6.1. Version 4.8 may be different.
 NOTE 2: I asked about how to do this a while ago in here and got no
response. I am posting this in case someone else was wondering.)

-= Jim =-

----------------------------------------------------------------
Jim's Linux-Operated Underground Bomb Shelter

Tagline for Friday, September 07, 2001 at 18:55 PM:
Useless Invention: Waterproof teabags.

----------------------------------------------------------------
This Linux System has been up 655 hours  

My web page: http://www.idk-enterprises.com
----------------------------------------------------------------
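
Added example, not part of the original post and not Interchange code: a Python check that a store operator could run over page templates to find forms which, like the one posted above, route the customer to a checkout page over plain http. The function name, the `marker` parameter and the sample markup (including the https variant) are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the form from the post beside a constructed https variant.
SAMPLE = """
<FORM METHOD="post" ACTION="http://www.mydomain.com/cgi-bin/storename/process.html">
<input type=hidden NAME=mv_todo VALUE=return>
<input type=hidden NAME=mv_nextpage VALUE="ord/checkout">
<input type=submit NAME=mv_click VALUE="Go to non-secure checkout">
</form>
<form method="post" action="https://www.mydomain.com/cgi-bin/storename/process.html">
<input type=hidden name=mv_nextpage value="ord/checkout">
</form>
"""

class FormAudit(HTMLParser):
    """Collect each form's action URL and its mv_nextpage value."""
    def __init__(self):
        super().__init__()
        self.forms = []    # finished forms: {"action": ..., "nextpage": ...}
        self._open = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)    # HTMLParser lowercases tag and attribute names
        if tag == "form":
            self._open = {"action": a.get("action") or "", "nextpage": None}
        elif tag == "input" and self._open is not None:
            if (a.get("name") or "").lower() == "mv_nextpage":
                self._open["nextpage"] = a.get("value")

    def handle_endtag(self, tag):
        if tag == "form" and self._open is not None:
            self.forms.append(self._open)
            self._open = None

def insecure_checkout_forms(html, marker="checkout"):
    """Return forms that lead to a checkout page with an absolute http:// action.
    Relative actions are not flagged: they inherit the scheme of the page."""
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    return [f for f in parser.forms
            if urlsplit(f["action"]).scheme.lower() == "http"
            and marker in (f["nextpage"] or "").lower()]

if __name__ == "__main__":
    for f in insecure_checkout_forms(SAMPLE):
        print("plain-http checkout form:", f["action"], "->", f["nextpage"])
```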