Any DELAVO Alternatives? (For Sales/Affiliate Mgmt)

stevenh512 · 05-31-2009, 11:37 PM

Quote:

Originally Posted by TheRichJerksNet

As far as modifying the software yourself, you must understand a developer spends 2, 3, 6 months on a project to build a script. They sure as heck do not want anybody and everybody just getting it and selling it on DP or eBay ... This would kill all sales for the developer, so the developer just wasted months of their time just for some warez user to giveaway or sell a script they never paid for.

In general I like to be able to modify my scripts, or at least write my own code that "plugs into" them to give them whatever custom functionality I might want or need.. but that being said.. as long as the script is actually secure (not just "security through obscurity"), well supported by its author and easy/flexible enough for me to work with I have absolutely no problem with the idea of source obfuscation or Zend/IonCube encoding.

For example, DLGuard is one of my all-time favorite scripts. It comes IonCube encoded (and before that, Sam was using another encoding scheme). I absolutely love it, Sam does a great job of supporting his customers and he makes it easy for me to plug in whatever "extras" I need. DELAVO comes with mostly obfuscated source code, I don't mind because I know John supports his software and his customers, and there may not be too many ways to "plug into" it right now but I hear there's an API plugin on the way and even though there's no documentation for it (and probably never will be.. lol) in theory you could write your own plugins. In those cases I have absolutely no need to modify the actual script myself, I can plug in the functionality I need because they were designed with a good API in mind (and if not, I can always go to straight database queries.. lol), and I know if there's any kind of a security issue Sam or John will be on top of it.

Devan Koshal · 06-01-2009, 06:28 AM

Not all attacks on database result in full access to the database where the hacker can edit data. Most attacks get the database are where the hacker cannot edit the data, only view it. In that case if some data can only be decrypted using the application and the hacker has the password in plain text they have have access to the application, which would allow them to edit data and decrypt encrypted data.

I've built ecommerce stores, email marketing applications and crm's and cms's from the ground up in PHP over the past 7 years.

in the case of an email marketing app the user can't do much damage in the database, since ive encrypted the email addresses and hashed the password, but if he had access to the software, by finding out the password, he could view all the emails in plain text as they would be decrypted and even send spam emails from the server.

The full access to the application can have more damage than access just to the database.

Devan Koshal · 06-01-2009, 06:33 AM

Quote:

Originally Posted by stevenh512

But there is one thing to keep in mind when you're thinking about encrypting passwords in the database. How many of us use SSL on our login pages (or any page where a user might enter or change their password)? What good does it do to encrypt the password in the database when that password is always sent "in the clear" from the user to the server every time they log in?

Very true, but it is possible to use javascript to hash the password before sending it over the browser, it turns up hashed in the http headers.

Tyrus Antas · 06-01-2009, 02:01 PM

Quote:

Originally Posted by TheRichJerksNet

This I agree with and that is the exact reason I do NOT use open source code.

Bull****. Security through obscurity is not security. Do you really think your little script will be secure against vulnerabilities because very few people use it? Once the code is out there it will be as vulnerable as everything else.

In fact, it will probably be worse since very few people will be looking at the code and therefore is more likely to be insecure.

PS: do you ever participate in this forum in a way that is not self-promotional?

Tyrus

06-01-2009, 09:51 PM

I have made many useful post and not self promotion - I have also helped many out without asking for anything in return ... Read the title of this thread and the replies..

FACT: My scripts are secured as I build security into the code, I said nothing about security through obscurity - DO NOT take what I said out of context and post a small line of what I said. You have no idea of the sites I have built and created and if you did, you would not make the rude uncalled for remarks you just did.

I find it offensive that you come in here using bad language just to ruin a good discusssion..

I love how you assume I have "very few" people that use the scripts I build .lol Now that was funny ...

James

SharynP · 06-24-2011, 11:50 PM

Customer view point, having been thru PayPal over 100,000 times, for over 7 years, I have a fair idea of the experience.

I used to make note f the scripts used to order through.
Fantasos(r) and Delavo(tm) were by far the most streamlined and reliable.

And why in recent years I use it. The only times I had a problem, was when the owner had made a mistake in setup, which I could see what it was by then, and email them on the exact problem.

As far as enchryption, it is a funny point, I dont trust many that are enchrypted, but, from a solid organization I do.

As a consumer, the advise I would give is to use a good solid script, and, have links or menus on your sales pages, indecating that the site has substance behind it.

Credibility on the net is as deep as your screne, visuals, substance, evidence of support etc. will give this. The sales page format is almost like a "turnoff" to "mainstream" consumers, and, if you want to stop feeding off each other, like gamblers around a card table, to see who wins the pot, then, this is what should happen.

Also the names of your products reak fear to "mainstram", we know what "viral product" is, but, others think its pirated and contains a virus. "Time Bombs" was a recent name for a WP Plugin, hmmmm, made me wonder if it would blow up my site, and it was enchrypted, so I did not install it.

Just my 2 bits worth, as a well seasoned customer, and one who has thrown her cards in.

Shaz

06-01-2009, 06:28 AM	#52
Devan Koshal Designer/Developer War Room Member Join Date: Sep 2008 Posts: 374 Thanks: 29 Thanked 12 Times in 10 Posts	Re: Any DELAVO Alternatives? (For Sales/Affiliate Mgmt) Not all attacks on database result in full access to the database where the hacker can edit data. Most attacks get the database are where the hacker cannot edit the data, only view it. In that case if some data can only be decrypted using the application and the hacker has the password in plain text they have have access to the application, which would allow them to edit data and decrypt encrypted data. I've built ecommerce stores, email marketing applications and crm's and cms's from the ground up in PHP over the past 7 years. in the case of an email marketing app the user can't do much damage in the database, since ive encrypted the email addresses and hashed the password, but if he had access to the software, by finding out the password, he could view all the emails in plain text as they would be decrypted and even send spam emails from the server. The full access to the application can have more damage than access just to the database.

06-01-2009, 09:51 PM	#55
TheRichJerksNet Guest Posts: n/a	Re: Any DELAVO Alternatives? (For Sales/Affiliate Mgmt) I have made many useful post and not self promotion - I have also helped many out without asking for anything in return ... Read the title of this thread and the replies.. FACT: My scripts are secured as I build security into the code, I said nothing about security through obscurity - DO NOT take what I said out of context and post a small line of what I said. You have no idea of the sites I have built and created and if you did, you would not make the rude uncalled for remarks you just did. I find it offensive that you come in here using bad language just to ruin a good discusssion.. I love how you assume I have "very few" people that use the scripts I build .lol Now that was funny ... James
TheRichJerksNet Guest Posts: n/a

06-24-2011, 11:50 PM	#56
SharynP Advanced Warrior War Room Member Join Date: Apr 2006 Location: , , Australia. Posts: 570 Thanks: 4 Thanked 10 Times in 10 Posts	Re: Any DELAVO Alternatives? (For Sales/Affiliate Mgmt) Customer view point, having been thru PayPal over 100,000 times, for over 7 years, I have a fair idea of the experience. I used to make note f the scripts used to order through. Fantasos(r) and Delavo(tm) were by far the most streamlined and reliable. And why in recent years I use it. The only times I had a problem, was when the owner had made a mistake in setup, which I could see what it was by then, and email them on the exact problem. As far as enchryption, it is a funny point, I dont trust many that are enchrypted, but, from a solid organization I do. As a consumer, the advise I would give is to use a good solid script, and, have links or menus on your sales pages, indecating that the site has substance behind it. Credibility on the net is as deep as your screne, visuals, substance, evidence of support etc. will give this. The sales page format is almost like a "turnoff" to "mainstream" consumers, and, if you want to stop feeding off each other, like gamblers around a card table, to see who wins the pot, then, this is what should happen. Also the names of your products reak fear to "mainstram", we know what "viral product" is, but, others think its pirated and contains a virus. "Time Bombs" was a recent name for a WP Plugin, hmmmm, made me wonder if it would blow up my site, and it was enchrypted, so I did not install it. Just my 2 bits worth, as a well seasoned customer, and one who has thrown her cards in. Shaz