With Drupal+Ubercart, be wary of alternative payment gateways

If you are using Ubercart to do ecommerce with Drupal, be sure to use one of the mainstream payment gatways: Authorize.net or Paypal.

While Ubercart does support a number of alternative payment gateways, the dangers in going with these alternatives are significant. Here's an example of a single day where two of the less well known Ubercart payment modules were exposed as having flaws that allow people to checkout without needing to pay:

SA-CONTRIB-2010-062 - Ogone | Ubercart payment - Access Bypass

SA-CONTRIB-2010-064 - Ubercart MIGS Payment Gateway - Web Parameter Tampering

This means the cornerstone of your ecommerce - payment - could be completely side-stepped. This is is just one example of why we recommend using one of the mainstream gateways.

I do not mean to disparage the hard work of those individuals – I know both the maintainers and coordinators within the Drupal security team worked hard to get timely fixes published. However if you (or your client) must select an alternative gateway, it's vital that you commit adequate time to testing and Q/A of the payment processor.