Hello everyone,,,
Do we think Opencart should take security more seriously?
or is that the responsibility of the site owners?
I think it's a bit of both.
Take this, Opencart.com scores a big fat F (fail) here
https://securityheaders.com/?q=opencart ... directs=on
and here
https://www.htbridge.com/websec/?id=1nvubsLRshowbox.bio/ tutuapp.uno/ vidmate.vet/
I've implemented most of these on an actual OC website and got an A on securityheader.com.
but I can't implement a safe Content Policy without adding 'unsafe' options because (at least my version 2) opencart uses lots of inline javascript.
(just tested a fresh install of OC3, F for fail again )
What do you score?
Less than half since most of those reported issues can and must of been resolved on Github already as we speak. Besides, server specs also matters to cover security subjects in this case which, on the first post, these were not indicated but rather pointed as a platform issue situation.(just tested a fresh install of OC3, F for fail again )
What do you score?
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Who is online
Users browsing this forum: alzoriki and 165 guests