Security concerns. Change product prices.
Hi,
I have a security concern about when eCart calculates the total payable and passes the value to my payment provider.
I am using the cookies method (although the same problem applies to sessions).
If I add a product to my cart, it creates a cookie and then with a simple cookie editor or text editor, I can change the price of the product from say $1,000 to $50! Then when I go through the checkout, the price is now only $50.
Now I know some people will say that the person doing the order processing should check the price - BUT a customer we are building a site for has 1,000's of products and they automate a lot of their processes and will simply get someone to read the order, pack it and ship it. The person packing it might not even know the value of the items they are packing.
So, is there anyway to get eCart to actually grab the real prices of the added products as the total is sent to the payment provider rather than the price being taken from the cookie?
This is a major security concern for me and quite worrying.
Thanks, I look forward to any suggestions!