As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
I'm not sure which Stack Exchange site this would be best suited to so please move me if needed.
So my clients came to me with their eCommerce kiosk running Internet Kiosk Pro. The kiosk accessed their normal eComm store which was a very bad idea and we are working on a kiosk friendly store now.
In looking at the kiosk software I found it is Russian in origin and (call me a bigot) but I'm a little concerned by that given the amount of bad press around the Russian Mob and credit card scams.
Does anyone have good intel on Ixis Research LTD?
Anyone know of a set of kiosk software they feel is verified as secure and made by reputable folks?
Am I being paranoid to worry about this? I feel strongly that this "black box" could be a tool to collect valuable private information.
// 8.24.2012 Update
One last comment on this- Authorize.net "certifies" Provisio's SiteKiosk but if you ask Provisio about PCI compliance you get a stock letter about how that isn't their problem and is not germane to their product. This mishapen sentence pasted in from their document: "PCI compliance to a large extent deals with storing and securing cardholder data. SiteKiosk does not store any cardholder data which eliminates the need for the store and secure cardholder data. The customer data is stored, transmitted, and processed through the payment gateway." They do go on to say that you should get your own certification for the kiosk machine, network hardware and config, and software on the machine. They do not offer any third party analysis or certification as proof their product is secure.
Normally any software application that is handling credit card account data should go through PCI-DSS audit by a certification company that will perform a set of tests on the software and provide a report on any ways that the software failed the audit.
Here is a description and documentation on the PCI standards. I have worked with an auditing firm called Coalfire with the point of sale application with which I work.
So the first question is whether the kiosk software has been through the PCI-DSS compliance audit or not. The major credit card vendors are getting more and more sticky on this point.
After reading about STUXNET and other types of malware, I am not so sure that firewall restrictions will make much of a difference since after all you are installing and configuring the software per the instructions from the vendor including any firewall configuration changes the vendor requires.
Related
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
We sell a subscription to a software program and the data is stored in a SQL server.I want to grab a users expiration date and then display it on joomla. Our server guy said he uses REST. Can anyone help me understand how this data is passed from the SQL table to text on joomla? He also mentioned it has to pass through SSL but I am not certain where that ties in.
I am a complete novice and have no idea where to start when learning this material. Any resources to learn more would be appreciated. Thank you
I'm not going to give you resources, just query google or youtube for that. There are so many out there, it's hard to point you to the right place.
From what you say it appears that your software information is running on a different server than joomla.
You can address this either with a direct connection to the database or by creating a dedicated software that will handle your requests on the "software info" server.
Direct connection
Usually remote access to a db server is disabled, and it's a good security measure. You could however use mysql remote tables and limited accounts and access the remote database directly from a Joomla module or component. This solution is pretty bad because it's dependant on the structure of the remote database.
Writing software
Here your Joomla extension would query a new software which you have to place on the database server. From what you write, the connection should be secure (https / ssl).
How you implement it (using REST, passing parameters with GET etc.) is really not significant, but there may be company standards and REST is nice and easy to understand.
So you would have to http get from your joomla extension:
(REST)
https://info-db-server-ip/license/130
(GET)
https://info-db-server-ip/license/index.php?userid=130
and the script would typically return a json encoded response which contains the license details.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I have heard a lot about MS Phone HTC and wondering if any developer has used them. If so, what is the first step toward development this device with no experience in phone programming?
Thanks.
You may want to sign up for Microsoft's Generation App program - it's a free, staged set of training and resources leading you through the process of designing, developing, monetizing, and submitting your app. It's essentially a curated set of links, documents, samples, etc. delivered in a daily e-mail.
I know you mentioned HTC, but Nokia also has a great developer program they are rolling out at http://dvlup.com; it's in limited preview at the moment, but you can submit your e-mail and be notified when it's fully open.
Hard to tell, where to begin. First of all start by visiting this page and download+install the WP8 SDK:
https://dev.windowsphone.com/en-us/develop
Note you need Windows 8 x64 Pro and newer CPU to run the SDK and the emulator (Core-i5 or better is recommended).
Then I would recommend reading some book about C# development and/or start testing various samples provided with the SDK here:
http://msdn.microsoft.com/en-us/library/ff431744(v=vs.92).aspx
and also here:
http://code.msdn.microsoft.com/wpapps/
This is a nice free ebook about C# from Charles Petzold:
http://www.charlespetzold.com/dotnet/
As for the device, I own HTC's 8x and I'm developing apps on it with success. The device choice is up to you, whatever you like better.
As for resources to begin programming. It depends whether you have .NET programming background at all. If you do, all you really need is on Windows Phone Dev Center. With a bit of patience and passion you will succeed :)
It's also worth buying a good book as it guides you through the whole process.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I have been looking around and noticed that ecommerce sites are not using social auth and i am building an ecommerce site and wanted to know the reasons for not using social auth.
It depends, will you be storing credit card details? You might hit some problems with PCI compliance if purchases can be made through social network logins.
If you're just using it as a useful way of signing up, you should be OK.
In a recent survey my employer conducted, we established that in younger (<30 years) users there was a perception that they did not want to link financial data with there social networking data due to, primarily, a lower level of trust in social networking brands, w.r.t visa et. al
I would never trust any site that allows me to login with my Facebook account. Too much risk for getting my user and password sniffed out and abused.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
There are good online store building solutions like Shopify, Volution, etc.
I'm looking to build my own small-scale service like that.
Are there any customizable online store building scripts I can install on my own server or companies that offer reselling opportunities?
VirtueMart is another very simple e-commerce app that my clients have used very successfully. It's based on Joomla, but still is an effective and easy tool to deploy.
I'll warn you, there's not a ton of money to be made building e-commerce "services" to resell. There's a million and one people doing it and it takes a LOT of work to get right. Not to mention the heartburn that goes along with payment processors and dealing with fouled transactions, which happens to the best of systems. People don't have a ton of patience when it comes to credit card transactions and I found myself doing tech support at the worst possible times. These are HIGH MAINTENANCE apps if you're not just doing it for yourself...
Magento has a pretty sweet multi-store setup. My company runs a fulfillment house using a single magento install and a store front for each individual client. All our orders are visible under the central dashboard and it's easy enough to create new stores once you get the hang of things.
Check it out here:
http://www.magentocommerce.com/blog/comments/multi-store-retailing-magento-demo/
Note: Magento has a very steep learning curve, not recommended for beginners.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
Does anybody know a provider offering TV listings (through API or download) for all channel and cable providers?
Or is there any independent company collecting/providing such data?
An API/REST/SOAP interface would be great.
The MythTV folks have gathered resources for various countries here. If you're in the US or Canada, they recommend the Schedule Direct service.
These services are generally based on the XMLTV data format/toolset.
Rovi offers both SOAP and REST APIs for TV listings. It supplies listings for all channels of the cable, satellite, and broadcast services in multiple countries. Rovi is the source the cable companies use. See this website.
Schedule Direct doesn't grant commercial licenses. I'm checking out tvrage as mentioned above and Rovi right now.
Edit: If this is a commercial project, I recommend contacting Tribune Media Services (click "License our Content" in the footer at Zap2It.com). That was the solution I chose for my company, simply because they were much more prompt in their response than Rovi. The paid listings are XML files.
If all you need is a non-commercial license, SchedulesDirect works very well. If you have questions about their licensing, they encourage you to ask. We started using their listings and then had to change tack because of licensing issues.
You could contact staff of WebTelevideo at info#webtelevideo.com that has solved your problem. They may provide you an account to their own API.
WebTelevideo API has TV Scheduling for many countries and metadata (actors, directors, plot, trailers, posters etc..)