Re: [dev] Suckless e-comerce script proposal

From: Antenore Gatta <>
Date: Thu, 22 Sep 2016 16:50:08 +0200

On Thu, 22 Sep 2016 16:09:00 +0200
Kamil Cholewiński <> wrote:

> In Poland, on most online shopping services, you click "pay with bank
> transfer" at the checkout. Click the logo of your bank, get a redirect
> to the bank's online transaction service, type in your user&pass,
> review the transaction, get an SMS with one-time code to confirm it,
> and click OK. It's marginally more complicated than typing the CC
> number and infinitely more secure (MFA, one-time codes are all
> standard). Transfers are instant, you usually get the goods the next
> day.
> However it's very JS-heavy, which is the only part that really sucks.

No, this is pure madness, it's not more secure than the other way

Banks should provide their own APIs + SSO using a common/standard naming
conventions and functionality. That doesn't sucks, the other way it

It's enough a MitM attack or similar exploits to obtain
user, password and other personal details and/or to forge payments that
look like the original one. I know by experience.

This doesn't mean that Poland e-commerce solutions aren't safe, it
just means that you are using the "suck more" solution.

BTW, having a "suck less" e-commerce it's good, but I'm also strongly
convinced that it doesn't belong to suckless.

My 2¢

Version: 3.12
GIT !d s: !a C++ UL++++ P+++ L+++ E--- W+++ N+++ o-- K- w--- 
O+ M-- V-- PS+++ PE Y+ PGP t+++ 5++ X R++ tv- b+ DI D++ 
G e+ h---- r+++ y++++ 
Received on Thu Sep 22 2016 - 16:50:08 CEST

This archive was generated by hypermail 2.3.0 : Thu Sep 22 2016 - 17:00:13 CEST