
This topic is 7025 days old. Please don't post here. Open a new topic instead.


Posted

It seems that there is a lot of talk about using FileMaker for web shopping carts. But there is only one FileMaker shopping cart on the market: CH Ching. Well, CH Ching is not really 100% FileMaker - it's Lasso based. And it costs a hell of a lot!

Has anyone made a pure FileMaker based shopping cart? The knitting factory example that comes with FileMaker is really dumb.

Has anyone tried to build one and then given up because it's unachievable + nonsecure? What sort of hurdles did you face?

Very interested to hear your thoughts!

Posted

The main problem is to find a FileMaker hosting service offering https certificates and such at an acceptable price compared to shop hosting using php and perl engines.

Posted

CDML lacks many commands, variables, procedures and speed. I've built many applications which are working great on the "dumb" level.

IMHO, if you want to go higher, without Lasso or php it is next to impossible.

Posted

CDML lacks many commands, variables, procedures and speed. I've built many applications which are working great on the "dumb" level.

IMHO, if you want to go higher, without Lasso or php it is next to impossible.

Really??

By theoretical computer science, if something can be done in lasso, php - it can be done in FileMaker as well.

The only question is how easy or hard it is in FM compared to the others...

I am more interested in security issues.

Also, Anatoli - can I look into any sample shops you may have done?

Posted

RE: By theoretical computer science, if something can be done in lasso, php - it can be done in FileMaker as well

Definitely not. It can be done just in FM using huge scripts and that is not an option for web and WC.

Lasso is a fully developed computer language, CDML is not. Try to calculate 1 + 1 just in CDML. Impossible. In Lasso you can program almost anything.

Posted

Ever heard of the Turing machine? It does not have a built-in arithmetic chip to do 1+1. But it can still add two numbers!

And I did not say CDML - I said FileMaker. Considerable difference between the two.

Don't worry about it.

Ok, let me rephrase - say if CDML did everything PHP can do - would you make shopping cart software in FileMaker? But all other limitations of FileMaker still apply ;-)

Posted

RE: And I did not say CDML - I said FileMaker. Considerable difference between the two.

I was thinking that we are speaking about shopping carts. AFAIK, such things exist in the Internet Universe. FM without WC or php or ODBC or Lasso doesn't exist in that space.

If you want to play with words or be clever, find something else, I do not have the time...

Posted

Shopping carts are extremely simple things. Basically, it's a find request, entering a number (# of items ordered), then building and mailing a report (the actual order) + session control.

In CDML, piece of cake.

The problem (apart from finding a FileMaker hosting service) is:

- speed

- security

- reliability

Security and speed being the problem with FileMaker, unless you run a closed shop for selected (known) customers only or use lasso/php/perl. You cannot easily implement a credit card validation service, nor can you protect against entering arbitrary form data.

Posted

What am I missing?

"You can not easily implement a credit card validation service...". Ok, so it's not easy. But can it be implemented in conjunction with FileMaker?

"...nor can you protect against entering arbitrary form data." By which you mean?

What is the difference between "arbitrary form data" and "erroneous form data"? How does one protect against either with a "web form" if FileMaker is not involved?

Posted

Hi Unable,

Sure it can be implemented. You can either program your own plugin, write a perl or php or lasso or applescript, use XML to query a remote server ... It just cannot be done using FileMaker alone ...

As for the second, I cannot safeguard against someone who sets up a perl script which fires 1000 random submissions a second at the server bringing it down in an instant.

Posted

Anatoli, I am very sorry to waste your time. Obviously you have overlooked my main question, which rather was - what are the limitations you have faced rather than what programming limitation you have faced. It is clear that CDML is very limited.

The fact is, I have discovered a way to do Object Orientated programming inside FileMaker itself without the use of any plugin or whatever! Pure 100% FileMaker only. There is a little bit of a CDML trick in it. But virtually I should be able to build any web application in FileMaker, even fmfourms.com! Except probably file uploading.

Anyway, thanks to those who have pointed out issues such as security (which I have resolved), mass attack, credit card validation etc.

By the way, if someone wrote a perl script to attack a php site 1000 times per second, I am pretty sure they will be suffering too.

Posted

I just had to jump in here... No one seemed to mention JavaScript...

Building a Shopping Cart in FileMaker using CDML is an EASY task with the help of JavaScript. Between CDML & JavaScript, I've built functions that are similar to a shopping cart... except they are pulling person information and not product.

CDML is nothing more than a way to get information to the web. THAT'S IT! If you use it for that and don't rely on its limited functionality... you're good!

Example:

Use JavaScript & HTML forms for navigation, functionality, storing results and all calculations... Use CDML to populate the information. Then once it's check out time, use JavaScript to grab the stored results (on a Hidden Form) then send those items to FMP for processing. That's pretty much it in a nutshell...

Then you won't lose out on "speed" (The calculations are done by JavaScript and HTML Forms.... These use the speed of your browser, all FMP is doing is passing information to the browser.), "security" (use a Secure Server... JavaScript will be doing all of the calculations & organizing no harm in that...) and "reliability" (as long as your browser allows JavaScript {most do} then if it works once, it will always work!).

Using JavaScript will allow the need for FMP Scripts to go away. I know that Anatoli doesn't like using them for the web and neither do I. So basically... all your FMP Client is doing is sending record information and NOTHING ELSE! lol

Just my two cents...

Posted

By the way, if someone wrote a perl script to attack a php site 1000 times per second, I am pretty sure they will be suffering too.

Yep, but php (or perl) can easily be set up to ignore requests from a certain IP address if requests exceed 10 per second (or add/activate a blocking rule on ipfw concerning requests from this IP).
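The per-IP throttling described in the post above, sketched as an added example that is not part of the original thread or any poster's code. Only the 10-requests-per-second threshold comes from the post; the one-minute block, the function names and the sample addresses are assumptions.

```javascript
// Added example, not from the thread. Only the 10 requests/second threshold
// comes from the post; BLOCK_MS and all names are assumptions.
const LIMIT = 10;        // max requests per window, per IP
const WINDOW_MS = 1000;  // one second
const BLOCK_MS = 60000;  // assumed: ignore an offending IP for one minute

function createLimiter(limit = LIMIT, windowMs = WINDOW_MS, blockMs = BLOCK_MS) {
  const clients = new Map(); // ip -> { stamps: [ms, ...], blockedUntil: ms }
  return function allow(ip, now = Date.now()) {
    let c = clients.get(ip);
    if (!c) {
      c = { stamps: [], blockedUntil: 0 };
      clients.set(ip, c);
    }
    if (now < c.blockedUntil) return false; // still blocked: ignore the request
    // Forget requests that have left the sliding window.
    while (c.stamps.length > 0 && c.stamps[0] <= now - windowMs) c.stamps.shift();
    c.stamps.push(now);
    if (c.stamps.length > limit) {
      c.blockedUntil = now + blockMs; // threshold exceeded: start ignoring this IP
      c.stamps = [];
      return false;
    }
    return true;
  };
}

// Replay a request log ([{ ip, t }], t in ms) and count decisions per IP.
function replay(requests, allow = createLimiter()) {
  const counts = {};
  for (const { ip, t } of requests) {
    counts[ip] = counts[ip] || { allowed: 0, ignored: 0 };
    if (allow(ip, t)) counts[ip].allowed++;
    else counts[ip].ignored++;
  }
  return counts;
}

// Constructed sample: one client bursting 25 requests in 25 ms, one browsing normally.
const sample = [];
for (let i = 0; i < 25; i++) sample.push({ ip: "203.0.113.7", t: i });
for (let i = 0; i < 20; i++) sample.push({ ip: "198.51.100.4", t: i * 200 });
sample.sort((a, b) => a.t - b.t);
console.log(replay(sample));
```

The map of clients is never pruned here; a long-running service would expire idle entries so the table itself cannot be grown without bound.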

Posted

Sure, Addam is 99% right, I was also using plenty of JavaScript in my Shopping Carts.

I am not so sure about the *"security" (use a Secure Server...*

FM and WC are not very secure. One can usually get quite a lot from FM databases, like Customer Names and emails etc.; that is the missing 1%.

I've found FM+WC+WSC+IIS quite a fast combo. Doing around 10 full transactions on a Celeron 1.3GHz and ATA drive in a second of CPU processing time is not slow.

Posted

True!

The security is not all that great between the two... but there are many ways to get around people getting information they shouldn't be getting. I'm just speaking in a cost-effective kind of way... Between proper use of iFrames, cookies, pop-up windows, and security policies set up on the server (firewalls, IIS Lock Down, etc.), you can achieve a pretty stable secure environment.

You are absolutely right though... They could do better on the security...

Posted

"I cannot safeguard against someone who sets up a perl script which fires 1000 random submissions a second at the server bringing it down in an instant. "

"... but php (or perl) can easily be set up to ignore requests from a certain IP address if requests exceed 10 per second"

cjaeger, I think I should leave you to argue with yourself.

Posted

"I am not so sure about the *"security" (use a Secure Server...*

FM and WC are not very secure. One can usually get quite much from FM databases like Customer Names and emails etc, that is the missing 1%"

But I have noticed that it is easier to blame the tool.

Oh Anatoli, you really do miss me. How sweet.

The issue which Anatoli addresses can be handled by FileMaker with the intelligent use of ScriptMaker. I know. I've done it. Much as Anatoli may hate to admit it. I HAVE DONE IT SUCCESSFULLY.

Posted

Hey Keith...

What are some examples of methods!? If you don't mind sharing. This is a good thing for the FMP Community to know...

But if it's like a "TOP SECRET" thing, I also understand.

  • 2 weeks later...
Posted

Addam said:

passing information to the browser.), "security" (use a Secure Server... JavaScript will be doing all of the calculations & organizing no harm in that...) and "reliability" (as long as your browser allows JavaScript {most do} then if it works once, it will always work!).

But remember that JavaScript is client side.

First, for some reason some clients disable JavaScript.

Second, as JS is a client-side language, the more complex the script is, the longer the page is.

Third, JavaScript is not really secure; for example someone could modify a variable in the script (for example total price, item price ....) and submit a wrong value.

So it's preferable to use a server side language (lasso, java, php ...) to perform this type of operation
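The third point in the post above, as an added example that is not part of the original thread: a server-side check that rebuilds the order from its own price list and only compares, never uses, the price and total the browser submitted. The catalogue, field names and quantity limit are constructed assumptions; JavaScript is used here on the server side.

```javascript
// Added example, not from the thread. CATALOG, field names and MAX_QTY are
// constructed assumptions; prices are held in cents to avoid float rounding.
const CATALOG = new Map([
  ["SKU-100", { name: "Wool yarn", priceCents: 1250 }],
  ["SKU-200", { name: "Knitting needles", priceCents: 899 }],
]);
const MAX_QTY = 99;

// Rebuild the order from trusted data. Anything price-related that arrived
// in the form (hidden fields, script variables) is treated as untrusted.
function priceOrder(submitted) {
  const errors = [];
  const lines = [];
  let totalCents = 0;
  const items = submitted && Array.isArray(submitted.items) ? submitted.items : [];
  if (items.length === 0) errors.push("no items");
  for (const item of items) {
    if (!item || typeof item !== "object") { errors.push("malformed item"); continue; }
    const product = CATALOG.get(String(item.sku));
    const qty = Number(item.qty);
    if (!product) { errors.push("unknown sku: " + String(item.sku)); continue; }
    if (!Number.isInteger(qty) || qty < 1 || qty > MAX_QTY) {
      errors.push("bad quantity for " + String(item.sku));
      continue;
    }
    const lineCents = product.priceCents * qty; // server price, not item.priceCents
    lines.push({ sku: String(item.sku), qty, unitCents: product.priceCents, lineCents });
    totalCents += lineCents;
  }
  // A mismatch between the browser's total and ours is worth logging.
  const claimed = submitted ? submitted.totalCents : undefined;
  const tampered = claimed !== undefined && Number(claimed) !== totalCents;
  return { ok: errors.length === 0, errors, lines, totalCents, tampered };
}

// Constructed submissions: an honest one and one with edited price fields.
const honest = { items: [{ sku: "SKU-100", qty: 2 }, { sku: "SKU-200", qty: 1 }], totalCents: 3399 };
const edited = { items: [{ sku: "SKU-100", qty: 2, priceCents: 1 }], totalCents: 2 };
console.log(priceOrder(honest).totalCents, priceOrder(edited));
```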

Posted

omiossec said:

But remember that JavaScript is client side.

I'm aware of that... This cuts down on the server load.

First, for some reason some clients disable JavaScript.

The old browsers disable this as a default. They are enabled as a default in the new browsers, also it would be a dis-service to the enduser if it wasn't enabled since most websites use Flash & DHTML which require JavaScript.

Second, as JS is a client-side language, the more complex the script is, the longer the page is.

True, but if you have lots of functionality on your page that requires JavaScript, then it shouldn't be an issue. It's not like JavaScript makes your page load THAT MUCH slower than it would without it.

Third, JavaScript is not really secure; for example someone could modify a variable in the script (for example total price, item price ....) and submit a wrong value.

If the JavaScript is within the HTML document, then that means the user would have to edit that document and then post it back on the server from which it came. This means that it is just as secure as a plain HTML document. So submitting the "wrong value" or "changing the way something functions" is not a huge issue if this portion of your site is secure, as all shopping carts should be.

So it's preferable to use a server side language (lasso, java, php ...) to perform this type of operation

Well... like you said... it's a matter of preference... If you have SEVERAL end users on your site and they are buying items and you are using your SERVER to store & maintain the results, calculate the items and process the results, then you have wwaaaayy more server traffic and processes than needed. Thus, causing your server to be bogged down in these types of transactions when all it should be doing is kicking up pages to the web and doing the final transactions.

Personally... I find that JavaScript is a simple way of doing these types of transactions. It just makes things that much easier.

Posted

This is an interesting post.....

BUT I told you ALL a long time ago....FM sucks

"Who needs computers.....trained pigeons 4 sale! THEY can fly up to 120 km in distance" (1-800-Oh-Crap-My-DB-Crashed)

  • 1 year later...
Posted

Read this, there are some

Finally a fully functioning, credit card accepting, shopping cart system for FileMaker 7.0!

http://www.fmwebschool.com/fxcart.php

You can watch FXCart in action at: http://www.fmwebschool.com/fxcart.php

-------------------------------------------------------------

FXCart allows your customers to:

* Perform searches of all of your products

* Search Categories

* Display multiple items

* Display Details of items

* Add to cart

* Add multiple items to the cart

* Update the cart

* Delete items from the cart

* Calculate Shipping

* Calculate taxes

---------------------------------------------------------

FXCart ships with:

* Complete FileMaker 7 Order system

* Complete shopping cart system and web files

* 4 Sample templates to choose from

* Users Guide

---------------------------------------------------------

With the FileMaker 7 database, you can easily add your own products and images. The web template files enable you to add your logos and site content.

FXCart uses FX.php. If you would like to download a free copy of FX.php please navigate to:

http://www.fmwebschool.com/fxphp2.htm

Publishing a custom web solution with FileMaker Pro 7 requires FileMaker Server 7 Advanced, or a FileMaker Web Hosting Provider.

Set-up for Windows requires: FileMaker Pro Server 7 Advanced, IIS and PHP installed. A self installer for PHP for IIS can be downloaded at: http://www.php.net/get/php-4.3.11-installer.exe/from/a/mirror

Set-up for Macintosh: Luckily Mac OS X comes with Apache and PHP already installed as the default web server. You will only need to download FX.php and enable PHP on the Mac.

Our PayPal solution will be available on Friday July 1st.

In Kindness

Stephen K Knight

http://www.fmwebschool.com

  • 1 month later...
Posted

We have also added Authorize.net to our shopping cart solutions now!

http://www.fmwebschool.com/fxcart.php These are fully functioning shopping carts that work with FileMaker 7. Let me know if this is helpful or if you have any questions.
