Salt Key

One of the remarkable capabilities of CoCart is the ability to define the price of a product as it is being added to the cart.

To reduce the risk of price tampering by untrusted clients, set a salt key either on the newly added settings page or by defining the constant COCART_SALT_KEY in your wp-config.php file.

Once a salt key is set, CoCart only honours a price sent with an add-to-cart request if the request also carries the matching salt key. The salt key can be any string; make it long and random rather than something memorable. CoCart hashes it with MD5 for comparison (MD5 is a hashing algorithm, not encryption), so the hashing adds no secrecy: the protection comes entirely from keeping the key out of reach of anyone who should not be able to set prices.

After setting a salt key, whenever a request adds items to the cart with a new price, CoCart checks that the salt key was included as well.

If the salt key is missing or does not match, the product is still added to the cart, but at its normal catalogue price; the submitted price is ignored.

FAQ

Won't a developer still be able to find the salt key?

Possibly. If the salt key ships in client-side code (a browser bundle or a mobile app), anyone who can read that code or watch the requests it makes can find it; minification and obfuscation only slow them down, they do not hide a value that is sent with every request. Allowing a price override at all is the real risk, so weigh it carefully: restrict the override to the products that genuinely need it, validate the submitted price on the server rather than trusting the client, and test the flow with the key missing and with a wrong key to confirm the catalogue price is used. Keeping the salt key on a server you control, and making the add-to-cart call from there, is the one way to ensure the key never reaches a client.

This is only a means of slowing down price tampering, nothing more. It raises the bar for an attacker but is not a foolproof solution, and it is only one small part of securing the cart session as a whole.

Can I only allow specific products to be overridden?

Yes. Using the filter cocart_is_allowed_to_override_price, compare the product ID against a list of the products you want to allow: return true for those and false for every other product.

See code snippet.
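The following is an added example, not CoCart's own snippet, of restricting the price override to an allow list of product IDs with this filter. It assumes that the filter passes the current boolean first and the WC_Product object second (check this against the CoCart version you run), and the product IDs are placeholders.

```php
<?php
/**
 * Added example, not CoCart's own code: restrict CoCart price overrides to an
 * allow list of product IDs via the cocart_is_allowed_to_override_price filter.
 *
 * Assumptions (verify against your CoCart version): the filter passes the
 * current boolean ($allowed) first and the WC_Product object second. The
 * product IDs below are placeholders for your own catalogue.
 */

/**
 * Return the product IDs whose price may be set by the API client.
 *
 * Keep this list short and explicit; anything not listed keeps its catalogue
 * price even when a price is sent with the request.
 */
function my_cocart_price_override_allow_list() {
	return array( 123, 456 ); // Placeholder product IDs.
}

/**
 * Decide whether the price of $product may be overridden.
 *
 * @param bool       $allowed Current decision (CoCart defaults to false).
 * @param WC_Product $product Product being added to the cart (assumed parameter).
 * @return bool
 */
function my_cocart_is_allowed_to_override_price( $allowed, $product ) {
	// Fail closed: if we did not get a product object, never allow the override.
	if ( ! $product instanceof WC_Product ) {
		return false;
	}

	// For variations, decide on the parent product so one rule covers all its variations.
	$product_id = $product->is_type( 'variation' ) ? $product->get_parent_id() : $product->get_id();

	// Strict comparison against an explicit list; every other product returns false.
	return in_array( (int) $product_id, my_cocart_price_override_allow_list(), true );
}
add_filter( 'cocart_is_allowed_to_override_price', 'my_cocart_is_allowed_to_override_price', 10, 2 );
```

Note that the callback ignores the incoming $allowed value and decides purely from the allow list, so a product outside the list can never be overridden even if another plugin returned true earlier.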

How do I add the salt key to the request?

Add a header named csaltk to the add-to-cart request, with your salt key as its value.

See code snippet.
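As an added example (not CoCart's own snippet), the request below is made from PHP on a server you control, so the salt key never reaches a browser or mobile client where anyone could read it. It uses the csaltk header name given on this page and assumes COCART_SALT_KEY is defined in wp-config.php, that the CoCart v2 add-item endpoint is /wp-json/cocart/v2/cart/add-item and accepts a "price" field alongside id and quantity, and that the store URL and product ID are placeholders.

```php
<?php
/**
 * Added example, not CoCart's own code: add an item to the cart with an
 * overridden price, sending the salt key in the csaltk header.
 *
 * Assumptions: COCART_SALT_KEY is defined in wp-config.php; the CoCart v2
 * add-item endpoint is /wp-json/cocart/v2/cart/add-item and accepts a
 * "price" field alongside id and quantity; store URL and product ID are
 * placeholders. Runs inside WordPress (uses wp_remote_post).
 */

/**
 * Add a product to a CoCart cart at a custom price from server-side code.
 *
 * Returns the decoded cart response on success, or a WP_Error.
 */
function my_cocart_add_item_with_price( $store_url, $product_id, $quantity, $price, $cart_key = '' ) {
	// Refuse to send a price override at all if no salt key is configured.
	if ( ! defined( 'COCART_SALT_KEY' ) || '' === COCART_SALT_KEY ) {
		return new WP_Error( 'cocart_no_salt_key', 'COCART_SALT_KEY is not defined.' );
	}

	$endpoint = trailingslashit( $store_url ) . 'wp-json/cocart/v2/cart/add-item';
	if ( '' !== $cart_key ) {
		// Re-use an existing guest cart by passing its key (assumed CoCart v2 query parameter).
		$endpoint = add_query_arg( 'cart_key', $cart_key, $endpoint );
	}

	$response = wp_remote_post(
		$endpoint,
		array(
			'timeout' => 15,
			'headers' => array(
				'Content-Type' => 'application/json',
				'csaltk'       => COCART_SALT_KEY, // Header named on this page; value is the salt key.
			),
			'body'    => wp_json_encode(
				array(
					'id'       => (string) $product_id,
					'quantity' => (string) $quantity,
					'price'    => (string) $price, // Assumed field name for the price override.
				)
			),
		)
	);

	if ( is_wp_error( $response ) ) {
		return $response;
	}

	$code = wp_remote_retrieve_response_code( $response );
	$body = json_decode( wp_remote_retrieve_body( $response ), true );

	if ( 200 !== $code ) {
		return new WP_Error( 'cocart_add_item_failed', 'CoCart returned HTTP ' . $code, $body );
	}

	return $body;
}

// Usage (placeholder store and product):
// $cart = my_cocart_add_item_with_price( 'https://store.example', 123, 1, '9.99' );
// Inspect the returned line item's price. If the header is missing or wrong,
// CoCart still adds the item, but at its normal catalogue price.
```

A useful check is to call the function once with the correct key and once with a deliberately wrong one, and confirm that only the first response carries the overridden price.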
