Satchmo's django_livesettings - Can be dangerous


Benoit

Nov 6, 2010, 12:40:42 AM
to Satchmo developers
Hi friends,

Here's a dangerous scenario that may occur if you are not using settings.py's LIVESETTINGS_OPTIONS parameter with 'DB': False, as described here (which was the case for me until I encountered the issue I am about to describe).

- You create / use some tax module, let's say tax.modules.area
- In livesettings (yourshop.com/settings), you set the tax module to "Area"
- Your shop goes live
- When the user does a checkout, the system makes a DB request to find out what tax module it should be using -> livesettings.config_get_group('TAX').MODULE
- The DB request fails for some reason (dropped connection because of traffic, for example).
- Instead of raising an exception, the system defaults to the "NO TAX" module set as default in satchmo tax's config.py. I think this is caused by this piece of code.
- User checks out and pays no taxes!!

Important: This can happen for anything that depends on Livesettings, it can affect shipping, taxes, payment, discounts....

So I strongly suggest that you use LIVESETTINGS_OPTIONS in production, otherwise you will notice some very erratic behavior during peak time.

In addition, if the only reliable solution is to use LIVESETTINGS_OPTIONS, why not simply drop django_livesettings and hard-code the configuration in the settings.py file?

Benoit Clennett-Sirois
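
The failure mode described in the post above, reduced to a runnable sketch. This is an added example, not code from django_livesettings, Satchmo or the original post; `FlakyDB`, `get_fail_open`, `get_fail_closed`, `checkout_tax` and the 15% rate are hypothetical names and constructed values.

```python
from decimal import Decimal

# Constructed stand-ins: these names are hypothetical and are not
# django_livesettings or Satchmo APIs.
TAX_RATES = {"no_tax": Decimal("0"), "area": Decimal("0.15")}
DEFAULT_TAX_MODULE = "no_tax"  # shipped default, as in the post


class FlakyDB:
    """Simulated settings table whose connection can drop."""

    def __init__(self, rows, up=True):
        self.rows = rows
        self.up = up

    def fetch(self, group, key):
        if not self.up:
            raise ConnectionError("database connection dropped")
        return self.rows[(group, key)]


class SettingUnavailable(RuntimeError):
    """Raised when a stored setting cannot be read."""


def get_fail_open(db, group, key, default):
    # Pattern described in the post: any read error silently becomes the default.
    try:
        return db.fetch(group, key)
    except Exception:
        return default


def get_fail_closed(db, group, key, default):
    # Only a row that is really absent yields the default; backend errors propagate.
    try:
        return db.fetch(group, key)
    except KeyError:
        return default
    except ConnectionError as exc:
        raise SettingUnavailable(f"{group}.{key}") from exc


def checkout_tax(subtotal, getter, db):
    # The checkout asks the settings layer which tax module to apply.
    module = getter(db, "TAX", "MODULE", DEFAULT_TAX_MODULE)
    return (subtotal * TAX_RATES[module]).quantize(Decimal("0.01"))
```

With the simulated connection down, the fail-open getter prices the order with the no-tax default, while the fail-closed getter aborts the checkout with `SettingUnavailable`, which is the behaviour to alert on.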