Drupal

With Drupal+Ubercart, be wary of alternative payment gateways

Learn why using mainstream payment gateways like Authorize.net or Paypal is crucial for secure ecommerce with Drupal's Ubercart. Avoid pitfalls associated with alternative gateways.

Joaquin Lippincott, CEO
Jun 17, 2010

If you are using Ubercart to do ecommerce with Drupal, be sure to use one of the mainstream payment gatways: Authorize.net or Paypal.

While Ubercart does support a number of alternative payment gateways, the dangers in going with these alternatives are significant. Here's an example of a single day where two of the less well known Ubercart payment modules were exposed as having flaws that allow people to checkout without needing to pay:

SA-CONTRIB-2010-062 - Ogone | Ubercart payment - Access Bypass

SA-CONTRIB-2010-064 - Ubercart MIGS Payment Gateway - Web Parameter Tampering

This means the cornerstone of your ecommerce - payment - could be completely side-stepped. This is is just one example of why we recommend using one of the mainstream gateways.

I do not mean to disparage the hard work of those individuals – I know both the maintainers and coordinators within the Drupal security team worked hard to get timely fixes published. However if you (or your client) must select an alternative gateway, it's vital that you commit adequate time to testing and Q/A of the payment processor.
Drupal

Similar posts

Artificial Intelligence

The robots are painting

A lot has been said in the media about AI generated art, but how does it actually work (from a human perspective)?

Joaquin Lippincott, CEO Oct 27, 2023

Get notified on new marketing insights

Be the first to know about new B2B SaaS Marketing insights to build or refine your marketing function with the tools and knowledge of today’s industry.