Security Breach

Why each generated PDF is sent to your server?

Why are you collecting the data from the customers?

What do you do with this data?



That is a heave loss of confidence.



Take a look at: app\Tygh\Pdf.php



And please explain what you are doing.



Why can’t generate the PDFs by the shop software? In older versions, it was still possible.

And please do not explain it with a missing pdflib in php5, there are plenty of alternatives.

What makes you think they are storing/collecting this info? What point would there be since not everyone generates PDFs?

Personally, I'm happy that they use their own cpu cycles to render data to pdf. One could argue that there might be some performance issues for merchants who serve from poorly connected environments.



If indeed they are collecting the data then yes, there are privacy issues. But I will bet that they are simply providing pdf services to cs-cart where they may be providing this service to other shopping carts for a price. Just because the service is owned by Simbrisk Technologies doesn't mean that all their businesses relate to cs-cart (the product).



Unless you can confirm they are collecting data, calling out the use of an offsite service as a security breach is not only inappropriate, but could be damaging to your reputation if your claims turn out not to be true.

The question is not whether they do, but if they can. And here the answer is yes.



We do everything to protect our customer data, SSL Certificate, secure Server, install updates, respond to problems such as heartbeat and so on.

And then we ignore this gap? Sorry no.



At this point, Simbirsk Technologies can tell what they want, you'll never be sure of, till this gap is shut up.



It may be that you feel this is a feature, maybe it would be one, if there would be an alternative and I could turn it off, but I can't.

And what happens if Simbirsk terminates the service, goes offline, get ddosed or be hacked?



In other products we call that “phoning home”.

Sorry, in my opinion this is a breach of privacy, and I'm sure with this opinion I'm not alone.

We differ in opinion. But a security breach it isn't. You many not like that functionality is provided as a service but that doesn't make it a security issue.



You can turn it off by removing the button for “create as PDF”. Or you could deploy your own Pdf.php class that would utilize the old library in the render() function. You would need to change instances of “use Tygh\Pdf” to “addons/my_changes/lib/Pdf” (assuming that's where you put your new class).



Data is sent to all kinds of vendors from all shopping carts. This includes Google, the shipping carriers, fulfillment services, various shopping networks and affiliate marketing sites (Amazon, Ebay, etc.), and a wide variety of smaller analytic/tracking sites. Much of the same info sent in an html formatted invoice is sent to those vendors too.



Note too the (now) significantly reduced error_log size from moving away from the resident version of PDF which always has/had font issues and many other issues related to PHP notifications. It hasn't been maintained/updated for years and has no awareness of html5 and/or current css (or responsive styling). In fact, I doubt it even recognizes the media-type property.



You should address your concerns with CS-cart directly. A community forum can't really provide any definitive answers. What I've stated above is my opinion which may or may not be valid as it relates to cs-cart policies/practices.



I guess if you don't trust your vendor, then you should use a different vendor. If my clients don't trust me, my business suffers. If I can't trust cs-cart/Simbrisk (with non-CC data), then I should look elsewhere for my products. They have NEVER created any security issues and have always been pro-active in addressing any that are found. Note also that they are completely compliant with PCI/DSI so I would assume that this service has been certified as PCI/DSI compliant as well.



Note also that a lot of things are changing in order to move cs-cart to a SaaS product. So don't be surprised if more functionality is implemented as a service (shared among SaaS accounts) versus a copy for each account.

Packing Slips and Invoices are reviewed by customs agents the whole world round. Heck, they are stuck on the outside of the shipment in little plastic envelopes.

There is no sensitive data in those documents.