PH Shop site - Auto-login

**Jan Spies** · 23-05-2011, 11:27 AM

Firstly, the upgraded site looks quite nice

Just a thought though, is it not possible to have a 'Remember Me' check box put in? I know I'm being lazy, but it would make life just a little bit easier then having to remember to log in before doing anything...

[edit] I think I may have put this in the wrong section...please feel free to move this to the PH - Shop suggestions board

**Firestar** · 23-05-2011, 11:45 AM

Hey Jan,

Sorry man, but I'm afraid not. It wasn't immediately obvious to me either, but there are a TON of security concerns with having a remember me tick box, as that creates a cookie on your machine, which makes your password visible (we don't have a proper encryption system installed for this type of thing). Basically, we'd have to rewrite our entire security module, as well as our log in module, to do this safely and securely. So, for now, we've decided to not do that.

Hope you understand!

**phalen** · 24-05-2011, 07:22 AM

are you using OSC or Zen-cart? having a brief look at the structure & code it seems so. i used to work on both. (coding/back & front-end)

if so:

adding a secure module would be 'not-so-difficult' - the community (osc/zencart) has thousands of custom modules that are easy to install.

btw - will we ever be able to pay by credit card online? or use something like Pay-pal?

**Firestar** · 24-05-2011, 08:51 AM

Hi Phalen,

I'll definitely look into it. We have a bit of a problem with a developer at the moment. Once we get our new developer, we'll get going on a whole bunch of stuff, and who knows, perhaps even this

Credit cards are a bit of a tough choice for us. Paying by credit card makes little sense, if you're going to give away half your markup to a credit card gateway. We could charge more, but that would be unfair to the customers who don't want to pay via card. It's something we want to make work, and it's something we are looking into probably twice to three times a year, but at the moment, we just cannot make it work. Paypal is something we'll definitely consider, once Paypal approves working with ZAR as a currency. At the moment, it's only for export services, and we'll get into trouble with SARS if you make use of it at the moment (I did find out and it's only if you export products or services out of the country, which we don't).

Anyways, thanks for the questions. Keep them coming

**SCHUMI_4EVER** · 24-05-2011, 03:58 PM

I don't think it's right for a shop login to be auto-remembered so regardless of strength of security module I don't think that would be a good idea, it would be kinda like doing the same thing with the online site of your bank though perhaps not quite as damaging as making your bank account that easy to access.

**Firestar** · 24-05-2011, 09:29 PM

Well, Schumi, not really. We do not carry any banking or payment details, nor any CC info whatsoever. Literally, the only thing that could be stolen, is a name/surname, address, phone number and email address. Nothing else.

Heck, you cannot even place orders and get products for free/fraud, since you will still have to make payment via EFT, even if your account is hacked. For us, there is almost nothing worth stealing, tbh. I know phone/email/address info is kind of sensitive, but it's already pretty much public domain data, so it's kinda pointless for someone to steal it (generalising, not all of it is, but most is).

**phalen** · 25-05-2011, 07:00 AM

so why do all gaming sites, like Steam, SOE etc have the option to keep you logged in. they sit with not only your personal details, but your banking details too.

but they have the over-the-top security dont-know-what 'stuff' that should make it... you know, secure. (and for all that SOE still got their asses hacked to hell)

i dont see the harm in having the site keep me logged in. especially if you dont keep my banking details.

**Firestar** · 25-05-2011, 09:27 AM

Steam, SOE, etc, has got millions at their disposal, allowing them to be (at the very least), ok with their security. We don't, I'm afraid.

It doesn't really matter what gets stolen. If we get hacked, and customer information gets stolen, it's a very real risk to our company. And, it's one we're not prepared to take. I don't hand out your email addresses, and I don't keep your password in an unencrypted text file in your computer. Your browser has a remember password facility, and that will have to do for the time being.