Major error in Payment Plugin!!
- charles
- Topic Author
- Premium Member
Please review the photo that's attached to this post.
Thanks
- Tuan Pham Ngoc
- Administrator
I don't agree that it is a major error. It displays the email of the developer who develops the payment plugin. I don't prevent you from changing it to your email if you want. But if you want to change it, you will need to change it via the database. Look at the database table #__eb_payment_plugins in your Joomla database (via phpMyAdmin) and change it to what you want.
Regards,
Tuan
- charles
- Topic Author
- Premium Member
But please keep in mind Event Booking is not a free component but a product that your members pay for. So it should be up to each of your customers to decide what is shown on their website. And to have your developer email showing in a payment component that connects to PayPal or any other payment gateway is a security risk! It took me 5 minutes to replace my email address with the one you have in this plugin! And any hacker with a little knowledge can do the same thing!
Also there are Joomla users that don't want the word Joomla or anything close to the word Joomla showing on their website! And you wanting to showcase information about your developer in some ways is a backlink! I do hope you know backlinks are one of the ways hackers use to hijack websites?
But I have disabled all of the Event Booking plugins for now...
- Tuan Pham Ngoc
- Administrator
I disagree with you! Having anyone's name showing on my system other than my company name creates a security hole! First it tells a hacker what CMS system you are using, and a number of other things that I am not going to post on an open forum for someone to apply to Event Booking...
=> I think that information only shows in the backend of your site. And there are many ways for a hacker to know whether your site is Joomla or not. I believe it is not a big problem.
But please keep in mind Event Booking is not a free component but a product that your members pay for. So it should be up to each of your customers to decide what is shown on their website. And to have your developer email showing in a payment component that connects to PayPal or any other payment gateway is a security risk! It took me 5 minutes to replace my email address with the one you have in this plugin! And any hacker with a little knowledge can do the same thing!
That's fair. And to be honest, it was not my aim to show my email there. And as I mentioned, I don't prevent you from changing it. When I wrote the code for that section, I thought that not only I but other developers could write payment plugins, so showing the email of the developer there would help users contact the right developer if needed. So if you want to change it to your email, I have no problem with that. I will try to change the code so that admins can change the email to what they want in the future.
(This is the first time I have heard about this change request).
Also there are Joomla users that don't want the word Joomla or anything close to the word Joomla showing on their website! And you wanting to showcase information about your developer in some ways is a backlink! I do hope you know backlinks are one of the ways hackers use to hijack a website...
I think I understand your view in this case.
But I have disabled all the Event Booking plugins for now
=> Sorry, does that mean you don't use Events Booking anymore? Please let me know. If you don't use Events Booking, you can ask us for a refund.
Tuan