  • Chris 47 posts 127 karma points
    Sep 30, 2016 @ 20:59
    0

    Is ExtendedData a secure location for custom price details?

    Based on our complex pricing requirements we need to store some additional details in order to calculate a lineitem's cost. Is the ExtendedData collection a safe place to put these details or is it easily changed by technically-savvy users?

    Once we calculate a lineitem total (in the Basket view for example) we want to persist that price throughout the rest of the checkout process 1.) without having to recalculate it each step and 2.) without a user being able to dig into the ExtendedData and maliciously alter the calculated prices.

    I've noticed that Merchello seems to frequently recalculate the total price for line items by calling Total() in a variety of views, which we need to avoid based on our pricing requirements.

  • Rusty Swayne 1655 posts 4993 karma points c-trib
    Oct 01, 2016 @ 12:56
    100

    Line Item ExtendedData should be "secure" - keeping in mind I'm not a security expert =)

    It's used to record the price before the VAT adjustment for example. If you use a coupon, checkout and look at the extended data in the invoice line item you will also see some meta information about the price adjustment in the discount line item for example.

    Here is a list of the main items Merchello Core stores in extended data - https://github.com/Merchello/Merchello/blob/merchello-dev/src/Merchello.Core/Constants-ExtendedDataKeys.cs

    The Total() extension just multiplies the Quantity by the Price field of the line item itself.

  • Chris 47 posts 127 karma points
    Oct 03, 2016 @ 02:55
    0

    Thanks, Rusty. We need to override that quantity * price at almost every step during checkout so we're using a combination of DataModifier (to alter the base unit price) and then a few ExtendedData values.
