Security
How secure is the system? I am thinking of buying this but I am curious how hard it is to hack this online app. As I will likely use it for IT projects I don't need bored 16-year-olds bringing me down. Thanks
Peter
11-04-2004, 12:57 AM
Hi John,
Good question. We take a number of measures to prevent all types of online attacks and SQL injections. Not only this, but the uploading functions within ILance allow the admin to specify specific file types and extensions to allow for uploading. Uploading leaks are mainly the #1 cause for many other PHP scripts and auction software available today. We try to cover all ends of uploading, including administrative uploading control.
A few examples of some of the security within ILance:
Encrypted URL functionality - Basically, when you see sites that use something like: id=2&cmd=that, ILance changes that by encrypting the URLs (on the fly) and re-writes the links to something like: page.php?crypted=Y02kdk2l239djjlLlLJSdj1h8d8hsasd2== As a result, any modification made to the 'hash' of the ?crypted= string will result in moving the script puppy to the main menu :)
HTML Source Code Encrypted (Entire HTML page on the fly) - Basically, via JavaScript and PHP it is possible to prevent any human readable code by doing a "File > View Source" on any of your marketplace pages. For example, have a look at the online demo at http://www.ilanceonline.com and do a view > source. :)
Some other security features via run-time:
Captures vulgar phrases from post data and replaces them with a standard abuse block caption (i.e. fu** would become **--**)
Captures email addresses from post data to keep your members from posting their email addresses in bid proposals and other areas (although this solution is not 100% preventable for obvious reasons)
Captures domain names (if admin is filtering out domain names from being posted via forms)
And a lot more that I cannot think of at the moment... try: http://ilance.ca/products-ilance-security.php
For best results, it's always recommended to host your business on a dedicated server, however many of our customers are extremely happy with Shared and Private server configurations with full SSL support functionality.
Finally, no company is perfect :) -- this is why we provide a bug tracker system through the forums to licensed customers only. This provides a central place to review current issues, post new issues and offers a discussion area to chat with others that might be having the same problem. If and when you decide to purchase, your forum user access as a "Licensed Customer" will grant you permission into the bug tracker area over here: http://www.ilance.ca/forum/bugs.php
Generally, issues reported that have been "Confirmed" as official bugs are fixed within 24 - 78 hours and made available to the "Official Patches" forum for the product(s) in question.
Feel free to discuss any other security questions in regards to ILance.
-Peter
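The "crypted=" link handling described above (any modification of the token sends the request back to the main menu) can be built as a tamper-evident query token. The following is an added example, not ILance's own code: it uses an HMAC-SHA256 tag over the encoded parameters rather than encryption, so it gives integrity but not secrecy, and the key, page names and `route` helper are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed secret for this example; a real deployment loads it from
# configuration and never hard-codes it.
SECRET_KEY = b"example-secret-key-not-for-production"
MAIN_MENU = "index.php"
TAG_LEN = 32  # bytes in a SHA-256 digest


def seal_params(params: dict, key: bytes = SECRET_KEY) -> str:
    """Pack the query parameters into one opaque, tamper-evident token.

    Layout: urlsafe_b64( json(params) || HMAC-SHA256(key, json(params)) ).
    The payload is only encoded, not encrypted, so nothing secret belongs in it.
    """
    body = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode().rstrip("=")


def open_params(token: str, key: bytes = SECRET_KEY):
    """Return the original parameters, or None if the token was altered."""
    try:
        padded = token + "=" * (-len(token) % 4)
        raw = base64.urlsafe_b64decode(padded)
    except (ValueError, TypeError):
        return None
    if len(raw) <= TAG_LEN:
        return None
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak via timing.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        return json.loads(body)
    except ValueError:
        return None


def route(query_token: str) -> str:
    """Dispatch like the 'crypted=' handler: a bad or edited token -> main menu."""
    params = open_params(query_token)
    if params is None or "page" not in params:
        return MAIN_MENU
    return f"{params['page']}.php"
```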
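The run-time filters listed above (masking vulgar phrases, stripping email addresses and, optionally, domain names from form fields) work along the lines of this added example, which is not ILance's code: the phrase list, the small TLD set in `DOMAIN_RE` and the replacement captions are constructed for illustration, and the function also returns what it caught so a moderator can log or review it.

```python
import re

# Constructed phrase list and mask for this example; the real list is
# whatever the admin configures in the marketplace settings.
VULGAR_PHRASES = ["badword", "worseword"]
ABUSE_MASK = "**--**"

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed, deliberately small TLD set; extend it to match the deployment.
DOMAIN_RE = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+(?:com|net|org|ca|info|biz)\b",
                       re.IGNORECASE)


def filter_post_data(text: str, block_domains: bool = False):
    """Return (cleaned_text, findings) for one submitted form field.

    findings is a list of (kind, matched_text) tuples describing every
    replacement made, suitable for a moderation log.
    """
    findings = []
    cleaned = text
    for phrase in VULGAR_PHRASES:
        pattern = re.compile(re.escape(phrase), re.IGNORECASE)
        if pattern.search(cleaned):
            findings.append(("vulgar", phrase))
            cleaned = pattern.sub(ABUSE_MASK, cleaned)
    # Emails first, so the domain pass does not partially mangle them.
    for match in EMAIL_RE.findall(cleaned):
        findings.append(("email", match))
    cleaned = EMAIL_RE.sub("[email removed]", cleaned)
    if block_domains:
        for match in DOMAIN_RE.findall(cleaned):
            findings.append(("domain", match))
        cleaned = DOMAIN_RE.sub("[link removed]", cleaned)
    return cleaned, findings
```

As the post itself notes, regex filters of this kind catch the plain forms only; treat the findings as a moderation signal rather than a guarantee.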
Peter
11-04-2004, 01:20 AM
I should also mention that if you have some ideas of how attacks would be made on the current version of ILance, please feel free to drop us a line. The other thing I wanted to point out is this --
For maximum protection, I would also suggest firewalls, and the works, but I also suggest investing in software such as Zend Encoder or ionCube Encoder so you can create your modifications or the process you had in mind for the current framework of ILance, and then ENCODE! (before you launch).
This here should also provide a sense of security that if a hacker or script puppy ever did get into your FTP or web host space, the (PHP) files they would be opening or attempting to download (to see how your credit card functions encode and decode via ILance software codes) would give them nothing but some BINARY garbage language they would never be able to decode (thanks to http://www.zend.com). If they stole your information to launch ILance on their own domain, the software would be rendered useless and not function properly since the software will be looking for your domain, not theirs.
With that said, ILance offers our customers two editions of the same software: Open source and fully Zend encoded. Usually, customers without knowledge of programming who just want to get a marketplace up will decide on the Zend encoded version. This here provides all of what I'm talking about above. However, if you decide to go with Open source, it would be HIGHLY recommended to at least get the main functions file in ILance encoded. This function file holds the keys and all your credit card and password encoding / decoding functions.
BTW - The database is full of encoded information such as passwords and credit cards (if you are using Credit card support within ILance) and so forth. This database would still be useless (in terms of CC fraud) if they could never open that function file to learn how the algorithm works.
I hope I'm making sense here. :)
-Peter