1
Cuidiu
Donations Module Advice
  • 2006/6/9 0:58

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Hi All,

My friend is creating a memorial website for a friend who passed away. A scholarship fund is in the works and she wanted to use the Donations module for PayPal donations. However, she is wondering how secure the module is. In other words, how likely is it that someone could hack a XOOPS site with this module and input their own PayPal account to accept the donations...? I don't feel it is all that likely but I know hackers have the ability to make things appear just as they should for phishing purposes, account stealing, etc. So, the question is... is this kind of hacking possible with the Donations module? She would be using XOOPS 2.0.13.2 with Protector and anonymous users would be permitted to access the Donations module. Would appreciate thoughts on this from the XOOPS community.

Thanks in advance.

Cuidiu
Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)

2
Cuidiu
Re: Donations Module Advice
  • 2006/6/9 19:08

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Just asking an opinion here... no code to hack or anything.

Was it a stupid question?

3
zyspec
Re: Donations Module Advice
  • 2006/6/9 21:42

  • zyspec

  • Module Developer

  • Posts: 1095

  • Since: 2004/9/21


It's not a stupid question, but I doubt anyone will give you an "It's Safe" sticker. Given enough time and motivation almost any system can be compromised. XOOPS is better than most in providing security measures to prevent the type of 'hacking' you're discussing. If you keep up to date with the patches, use as few modules as possible (to minimize risk) and use the Protector module, you're well on your way to providing a secure environment for your site.

The donations module stores the information in the database so it is much better than just having your information hard coded into a form. Ultimately someone would have to hijack your site and either replace your donations page with one of their own or create a fake PayPal site before they could get your users' information.

There's nothing inherently risky about the x-donations module and many sites have used this module for years without any problems.

One thing to remember is that there is always a risk/reward analysis. The amount of time/effort required to attempt this appears to me to be well beyond the payback for taking such a risk on a small site taking donations (even if it eventually could be several thousand dollars).
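
The failure mode described in the reply above, a hijacked site whose donation form pays someone else, can be watched for from outside the site. The following is an added example, not part of the thread or of the Donations module: it assumes the donation page renders a standard PayPal HTML form with a hidden `business` field that posts to `www.paypal.com`, and the address, sample pages and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_BUSINESS = "fund@example.org"  # constructed placeholder for the fund's PayPal ID
ALLOWED_HOSTS = {"www.paypal.com"}      # assumption: the only host the form may post to

# Constructed sample pages (not taken from the Donations module's real output).
GOOD_PAGE = """<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_donations">
<input type="hidden" name="business" value="fund@example.org"></form>"""
TAMPERED_PAGE = GOOD_PAGE.replace("fund@example.org", "someone-else@example.net")


class FormCollector(HTMLParser):
    """Collect each <form>'s action URL and the (name, value) of its inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None and a.get("name"):
            self._open["fields"].append((a["name"].lower(), (a.get("value") or "").strip()))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit_donation_page(html, expected=EXPECTED_BUSINESS, hosts=ALLOWED_HOSTS):
    """Return a list of findings; an empty list means the form is as expected."""
    parser = FormCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for form in parser.forms:
        recipients = [v for n, v in form["fields"] if n == "business"]
        if not recipients:
            continue  # not a donation form (search box, login form, ...)
        url = urlsplit(form["action"])
        if url.scheme != "https" or url.hostname not in hosts:
            findings.append(f"form posts to unexpected target: {form['action']!r}")
        findings += [f"recipient changed: {r!r}" for r in recipients if r.lower() != expected.lower()]
    if not any(n == "business" for f in parser.forms for n, _ in f["fields"]):
        findings.append("no donation form found: page replaced or restructured")
    return findings
```

Run from a scheduled job against the fetched donation page, any non-empty result is a reason to alert the site owner.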

4
Cuidiu
Re: Donations Module Advice
  • 2006/6/9 21:54

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Great response, zyspec! I completely understand that any system can be compromised. I wasn't looking for a safe sticker. I was curious as to what the XOOPS community's opinion was on the topic. I have little experience with modules other than installation and set up, so one that results in funds directed to PayPal makes me a tad nervous. My friend is going forward with the project. We will definitely be keeping an eye on security with XOOPS. I have another site I'll be using XOOPS on so I'll be in touch with things here.

Thanks again for your reply. It's much appreciated!

Cuidiu
