Opencart to take security seriously - total fail :(

Quote

Post by Macgomes » Fri Jun 21, 2019 8:36 pm

Hello everyone,,,

Do we think Opencart should take security more seriously?
or is that the responsibility of the site owners?
I think it's a bit of both.
Take this, Opencart.com scores a big fat F (fail) here
https://securityheaders.com/?q=opencart ... directs=on
and here
https://www.htbridge.com/websec/?id=1nvubsLRshowbox.bio/ tutuapp.uno/ vidmate.vet/
I've implemented most of these on an actual OC website and got an A on securityheader.com.
but I can't implement a safe Content Policy without adding 'unsafe' options because (at least my version 2) opencart uses lots of inline javascript.
(just tested a fresh install of OC3, F for fail again :-\ )
What do you score?
Last edited by Macgomes on Wed Jun 26, 2019 3:00 am, edited 1 time in total.
Macgomes
Newbie
Posts
12
Joined
Fri Jun 21, 2019 8:30 pm
Top

Re: Opencart to take security seriously - total fail :(

Quote

Post by straightlight » Sat Jun 22, 2019 12:02 am

(just tested a fresh install of OC3, F for fail again :-\ )
What do you score?
Less than half since most of those reported issues can and must of been resolved on Github already as we speak. Besides, server specs also matters to cover security subjects in this case which, on the first post, these were not indicated but rather pointed as a platform issue situation.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester

straightlight
Legendary Member
Posts
22391
Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Top
Post Reply
Return to “General Discussion”
Who is online

Users browsing this forum: alzoriki and 165 guests