So a while back, I used these Prostores dudes for some e-commerce stuff for a client.
“An eBay company”, it says. They have to be pretty legit, right? Well, I thought so.
Security Problems
Today, doing some tune-ups for the client, I happened to notice that their store login page is susceptible to a really easy Javascript injection attack, or XSS attack, or whatever teh hax0rs are calling it now. I’m no hacking pro, but this is Web security 101. Actually, it’s remedial Web security. To have that kind of vulnerability on an e-commerce site is awful, and on an eBay-branded site, is downright embarrassing.
So to the layperson, all of this this means a customer could easily get duped and have their info swiped, and perhaps their:
- store wrecked
- merchant account hijacked
- customers’ personal data stolen
Deal-breaker!
Clueless Support
When I called their support today, the poor girl on the phone had no idea what I meant when I asked if my ProStores account could be hosted on a subdomain of an existing domain, i.e. store.awesome-company.com. (This is not a highly technical question in the hosting world). I had to explain everything to her about five times and the resolution was to file a ticket. No, the advanced support guy she had just conferred with was not available to talk to me. Like, duh.
And if you were wondering, oh wayward Internet traveler: it turns out you can’t host your Prostores site on a subdomain. It’s a pretty common, useful feature; this, too, is a deal-breaker, ladies. Ess that dee.
Like + Comments