Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Generated Invoice Comes From Another Website - Hacked? Rate Topic   - - - - -

 
  • Flow
  • Super Duper and Amazingly Sexy Senior
  • Members
  • Join Date: 13-Oct 10
  • 2302 posts

Posted 02 November 2015 - 08:57 AM #21

@Tony - yes we have disclosures for every payment provider, mailchimp, analytics, and so on. It's not that I want that and think it's really necessary, it's simply EU law. Just like driving through red when nobody is there, not sharing these things is simply illegal, nothing philosophical about it.


When life hands you lemons, bring on the Tequila baby!


 
  • mokeshop
  • Senior Member
  • Members
  • Join Date: 27-Jul 12
  • 1005 posts

Posted 02 November 2015 - 10:10 AM #22

Ps and why is content transfered over non-secured protocol?

 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11362 posts

Posted 02 November 2015 - 07:54 PM #23

@Flow.  Ouch, that's a lot of work for disclaimers.

Suggest you submit to bugtracker that cs-cart needs to provide that disclaimer per EU law.

 

@demeldoo - suggest you too submit to bugtracker though there is no requirement to utilize secure channels for transmitting any data.  I'm not aware of any law that requires it.  Policy, yes, but not laws.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • mokeshop
  • Senior Member
  • Members
  • Join Date: 27-Jul 12
  • 1005 posts

Posted 03 November 2015 - 05:37 AM #24

@Tony - yes we have disclosures for every payment provider, mailchimp, analytics, and so on. It's not that I want that and think it's really necessary, it's simply EU law. Just like driving through red when nobody is there, not sharing these things is simply illegal, nothing philosophical about it.


Can you? I'm getting annoying :P

 
  • NairdaCart
  • Senior Member
  • Members
  • Join Date: 18-Jul 11
  • 306 posts

Posted 04 November 2015 - 05:26 PM #25

Got to agree that this is a major issue as far as EU privacy law goes. There needs to be an explanation of exactly how the process works so it can be included in the privacy pages.

 

Also I'd like to see KB article made on how to make the process local as well if possible.



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11362 posts

Posted 04 November 2015 - 07:40 PM #26

Suggest you either generate a helpdesk ticket or send an email to sales AT cs-cart.com.  Please update this thread with the response you get.

 

As discussed above, it is not difficult to create an addon that would do local PDF processing.  You have to identify the PDF library you want to use, install it and then intercept the request(s) via pre controllers to process locally.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • natewallis
  • Senior Member
  • Members
  • Join Date: 11-Jan 13
  • 189 posts

Posted 04 November 2015 - 08:11 PM #27

Would anyone be interested in purchasing an addon that handles PDF rendering?  



 
  • NairdaCart
  • Senior Member
  • Members
  • Join Date: 18-Jul 11
  • 306 posts

Posted 05 November 2015 - 08:55 AM #28

Suggest you either generate a helpdesk ticket or send an email to sales AT cs-cart.com.  Please update this thread with the response you get.

 

As discussed above, it is not difficult to create an addon that would do local PDF processing.  You have to identify the PDF library you want to use, install it and then intercept the request(s) via pre controllers to process locally.

There is already a bug tracker request for it which I'm following.

 

It might not be difficult but there should be a KB article at the very least explaining how to do it as it's such a fundamental flaw in the product which could lead to a lot of legal trouble for a store owner. 

Natewallis, I don't see why people should have to pay for an addon to resolve an issue such as this.



 
  • natewallis
  • Senior Member
  • Members
  • Join Date: 11-Jan 13
  • 189 posts

Posted 05 November 2015 - 10:33 AM #29

I was thinking about developing one for myself if CS-CART don't come to the party with a solution and was thinking about re-selling it. 



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11362 posts

Posted 05 November 2015 - 05:46 PM #30

A bit of history....

PDF used to be generated by a library used locally and from a 3rd party.  There were many bugs and once people went to PHP 5.4, much of that library generated so many errors/warnings/notices that one's error_log file was simply filled with errors related to fonts and deprecated features.  I.e. the 3rd party didn't maintain the software.

 

So in V4, cs-cart chose to provide PDF generation as a software service.  I don't speak for them so can't address any regional business considerations they may have used in their decision.

 

But from an operational standpoint, other than maybe once when cartservices.com was down, there have been literally zero issues with generating PDF's.  Unfortunately they introduced a bug that compromised some privacy issues and seem to have been very quick to correct it.

 

it does surprise me that cs-cart always lays silent on these things and then wonders why people get all spun up when a response from them addressing concerns  might just cool things down.

 

I don't work for cs-cart and have simply tried to provide information about history and current implementation.  I'm not a lawyer nor a pollicy maker (outside my own domain).  So please don't shoot the messenger!

 

The KB would not provide guidance for how to build the addon.  It's not what the KB is for and the product is designed to use the service.  So it is in fact "working as designed".:-)


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • mokeshop
  • Senior Member
  • Members
  • Join Date: 27-Jul 12
  • 1005 posts

Posted 20 January 2016 - 03:10 PM #31

anyone posted this to bugtracker?

 

pdf generation should be secure and invisible ;) or somekind of notification has to be added to  terms



 
  • Flow
  • Super Duper and Amazingly Sexy Senior
  • Members
  • Join Date: 13-Oct 10
  • 2302 posts

Posted 03 September 2018 - 05:33 AM #32

Is cs-cart still using a 3rd party PDF generatort? If so there needs to come a local option asap.

 

Please also see https://forum.cs-car...on-local-again/


When life hands you lemons, bring on the Tequila baby!


 
  • remoteone
  • Member
  • Members
  • Join Date: 06-Oct 09
  • 742 posts

Posted 04 September 2018 - 02:51 AM #33

 

Is cs-cart still using a 3rd party PDF generatort? If so there needs to come a local option asap.

Completely agree,  I just stumbled upon this thread today,

Is it compliant with EU, AU and US law,  and is it now https?

 


 
  • Flow
  • Super Duper and Amazingly Sexy Senior
  • Members
  • Join Date: 13-Oct 10
  • 2302 posts

Posted 04 September 2018 - 07:59 AM #34

 

Completely agree,  I just stumbled upon this thread today,

Is it compliant with EU, AU and US law,  and is it now https?

 

 

 

You could give me some support in the bug tracker :) https://forum.cs-car...on-local-again/


When life hands you lemons, bring on the Tequila baby!


 
  • albertpro
  • Member
  • Members
  • Join Date: 25-Nov 07
  • 118 posts

Posted 07 November 2018 - 02:55 AM #35

This is still going. Here is the log after the order placed.

 

 

Requests (http/https request)
URL: http://converter.car....com/pdf/render
Response: 1
  — — 11/06/2018, 18:46 Orders (status change)
Order: # 50363
Status: Open -> Order Placed
  — — 11/06/2018, 18:46

this need to be fix.


CS-CART: version 4.6.1


 
  • Flow
  • Super Duper and Amazingly Sexy Senior
  • Members
  • Join Date: 13-Oct 10
  • 2302 posts

Posted 07 November 2018 - 06:58 AM #36

This is still going. Here is the log after the order placed.

 

 

Requests (http/https request)
URL: http://converter.car....com/pdf/render
Response: 1
  — — 11/06/2018, 18:46 Orders (status change)
Order: # 50363
Status: Open -> Order Placed
  — — 11/06/2018, 18:46

this need to be fix.

 

Yes see https://forum.cs-car...on-local-again/and help us get cs-cart to take action!


When life hands you lemons, bring on the Tequila baby!


 
  • Darius
  • Douchebag
  • Members
  • Join Date: 20-Apr 08
  • 3290 posts

Posted 07 November 2018 - 07:54 AM #37

This is why I got disabled invoices in front end and do not do pdf's on site. I simply get html and internet explorer prints pdf option to file that I submit to customer as order attachment..



 
  • Flow
  • Super Duper and Amazingly Sexy Senior
  • Members
  • Join Date: 13-Oct 10
  • 2302 posts

Posted 07 November 2018 - 08:33 AM #38

This is why I got disabled invoices in front end and do not do pdf's on site. I simply get html and internet explorer prints pdf option to file that I submit to customer as order attachment..

 

And you have automated this somehow?


When life hands you lemons, bring on the Tequila baby!


 
  • Darius
  • Douchebag
  • Members
  • Join Date: 20-Apr 08
  • 3290 posts

Posted 07 November 2018 - 11:26 AM #39

Nope, not processing more then 5 orders a day.

 

But its better then invoices floating somewhere among hundred thousands cs-cart stores.

 

It is information, I would not wonder if one day we will find out all of our sale data will be on some remove Russian server..

 

Also cs-cart users may get in to big problems and fines for cc orders for store not being PCI compliant.

 

 

 

And you have automated this somehow?