Today I purchased BANS (Build A Niche Store) so I could have my wife work on getting some eBay affiliate shops up while I work on other things. I thought it would be a nice turnkey operation for her to quickly get into the field of affiliate marketing. I do have to say the look and the basic functionality are outstanding, as is the incredible ease of creating a store.
But I’m a coder, first and foremost, and while I was configuring the application I started to notice ‘interesting’ issues with it. I do NOT want to disclose specific issues until the folks at BANS update their code. I’ve notified the head guy there about the issues (and there were a few). I myself have started to fix a bunch, but this will take some time.
Seeing these issues is hard in a black box environment, meaning from the outside looking in without knowledge of the code, but if you have the code, you can see some potentially serious holes. I’m curious how the folks at BANS will acknowledge my email addressing these issues. Usually this starts with “these are not real issues” and so on, but trust me, having ‘any’ issues is not good for business and, more importantly, not good for the public.
The bottom line is that I still want to roll these scripts and applications out, since the interface is nice for my wife, but nothing is going on a server until I get these worked out. I’m a little miffed that I paid for something that is not that great as far as the security aspect goes. Developers often think of security last and the GUI first. The problem is that you need to think of security as the foundation of your house. If the foundation is weak, your GUI and reputation could fall because of it.
As I stated, I sent the creator the error messages, offered diffs of the suspect files, and addressed the fundamental security issues regarding other areas of the application. Hopefully he’ll respond and we can get patches and updates rolled out soon.
I’ll keep you posted.