Shopping Cart Software

CLIFFORD ILKAY clifford_ilkay at dinamis.com
Sat Oct 10 20:50:41 UTC 2009


Hal Burgiss wrote:
> On Sat, Oct 10, 2009 at 11:15:20AM -0500, Kipton Moravec wrote:
>> I want to build a simple eCommerce Website for maybe 10 products.
> 
> [...]
>  
>> What SW that goes on a Ubuntu Server would you recommend, that lets
>> people sign in and place an order?
> 
> The best all around open source e-commerce solution right now is Drupal +
> Ubercart. Ubercart is actually a Drupal module that requires separate
> installation. Drupal is in the repos. Completely open source, very actively
> developed, many third party modules, full content management and site
> development backend. This has many of the more common requirements met as to
> payment processing and shipping (the two biggest headaches IMO of shopping
> cart development).
> 
> Other open source projects to consider:
> 
>  - osCommerce, the great grandaddy of open source e-commerce
>  - Zencart, an improved table-less/xhtml fork of osCommerce
>  - Magento, has free/open plus a paid upgrade option.
> 
> Also, Wordpress has an ecommerce plugin that works fairly well if you only
> have a few products. It is short on payment options and shipping options and
> doesn't have nearly the number of shopping cart features as the others. But
> less complexity sometimes makes it easier to get your head around. The css
> sucks though.  
> 
> I disagree with another poster that writing a shopping cart from scratch is
> worth considering. There are too many interconnected pieces and too many
> security related headaches to even consider it unless a) you have a whole lot
> of time on your hands, b) you consider yourself something more than just
> plain competent in your programming language of choice, c) you will never need
> support or help, and the existing free stuff just does not meet your needs. 

First, if you have a simple workflow and simple needs, writing something 
from scratch in a productive framework like Django isn't a big deal. 
"Simple" to me is when you're not actually collecting or storing credit 
card information. The security requirements are quite manageable in that 
case. Good payment processors all supply API documentation and sample 
code in a variety of languages.

Second, anything that is written in PHP is likely to be more vulnerable 
than things written in just about any other language. That's not to say 
that you shouldn't consider it but you should be aware of it. Red Hat 
released a report on security vulnerabilities on RHEL over the last few 
years. There was only one language that merited a section in that report 
onto its own, PHP.

Finally, the "everything but the kitchen sink" products like Drupal, for 
example, give you the illusion of productivity because you can apt-get 
install it, or better yet, don't and just install from tarball (Drupal 
is quite self-contained and we have a specific way of deploying that we 
find works much better than the default), and be looking at something in 
your browser in a matter of minutes. Then, the real work begins and it 
can range from simple and tedious to "you can't get there from here". I 
often find that frameworks like Django are much better from a 
productivity standpoint because you're building up from a lightweight 
layer rather than trying to figure out how to *remove* functionality 
from a general purpose CMS like Drupal.

A case in point, Drupal's user profile system is just a mess. There are 
several conflicting ways of achieving user profiles, all with their own 
pros and cons, none of which actually give you a user profile that you 
can put up on a site without knowing how to restyle. Restyling isn't 
just CSS hackery. You need to have detailed and specific knowledge of 
the Drupal theming system, something which isn't rocket science but nor 
is it exactly straightforward. There is a substantial learning curve to 
it and Drupal's docs leave much to be desired. In the amount of time you 
spend learning how to create your first Drupal theme, learning about 
preprocess functions vs. template functions, how to use the Devel 
module, you could build and deploy your first simple Django site, even 
if you have zero Python skills when you started.

Drupal upgrades between major releases can also be range from merely 
annoying to "not worth the bother". There are far too many Drupal 5 
sites out there that haven't made the transition to Drupal 6, on the eve 
of the release of Drupal 7, because they use modules that never made the 
transition to Drupal 6. Sure, it's open source and you can, 
theoretically at least, "fix it" but many non-technical people are 
attracted to products like Drupal because they figure they can do 
"module mashup" and build something with their minimal technical skills 
without having to write code. I know of Drupal 4.6 sites that were 
rewritten in Django because the transition from Flexinode, which is/was 
a TTW (Through the Web) custom content type creator module, to CCK 
(Content Creation Kit), the current content type creator module, wasn't 
possible. If you had a significant amount of content locked in such a 
site, it was just as easy (or perhaps easier) migrating to a "foreign" 
technology like Django as it was to "upgrade" to Drupal 5. It remains to 
be seen how easy or difficult it will be to upgrade from Drupal 6 to 
Drupal 7.

Having said that, I like recent releases of Drupal more than I like 
older ones. Drupal 7 looks very interesting, though as I've alluded to 
above, it remains to be seen if the migration path will be "nuke 'n 
pave" or painless. We use Drupal on various projects because there is 
strong demand in the market for it and it's good to be able to offer 
more than one solution to clients to accommodate their needs, and often, 
biases.
--
Regards,

Clifford Ilkay
Dinamis
1419-3266 Yonge St.
Toronto, ON
Canada  M4N 3P6

<http://dinamis.com>
+1 416-410-3326




More information about the ubuntu-users mailing list