Unless the product configurations are confidential, adding TLS (https) won't help make the system more tamper-proof. TLS is on the transport layer, the product configuration is the payload on the application layer.
URL parameter encryption can always be cracked, which is extremely easy if the encryption is done client-side. So once again, unless the data itself is confidential, it would not help make the system tamper-proof.
The only way to make sure the data from the JavaScript request hasn't been tampered with is server-side validation.
Since the app is running on an external server, you probably don't want to duplicate the involved business logic and price rules in Magento.
The usual way to handle such a situation is to add a validation API to the application on the external server, so Magento can then check if the request was tampered with.
That could be verifying a simple hash of the request data, or duplicating the request to check the prices or multiple verifications from the heaps possible.
The general flow would then look like this:
- Customer configures a product using the JavaScript interface from the third party server.
- The result is then sent as an HTTP request to Magento.
- Magento receives the data and validates it's legit with the third party server.
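The "simple hash" check from the flow above, as an added example that is not part of the original answer: the third-party server signs the configuration it produced and Magento verifies the signature before trusting the price. It assumes a keyed hash (HMAC-SHA256) rather than a plain hash, because an unkeyed hash can be recomputed by whoever edits the request; the shared secret, function names and field names are hypothetical.

```php
<?php
// Added illustration; every name and value here is hypothetical or constructed.
// Secret held by the configurator server and Magento only, never sent to the browser.
const SHARED_SECRET = 'constructed-demo-secret';

// Sort keys recursively and cast scalars to strings, so values that round-trip
// through the browser serialize to the same bytes on both servers.
function canonicalize(array $data)
{
    ksort($data);
    foreach ($data as $key => $value) {
        $data[$key] = is_array($value) ? canonicalize($value) : (string) $value;
    }
    return $data;
}

// Configurator server: MAC over the chosen options, the price it computed and an expiry.
function sign_configuration(array $config, $secret)
{
    return hash_hmac('sha256', json_encode(canonicalize($config)), $secret);
}

// Magento: recompute the MAC over what arrived and compare in constant time.
function verify_configuration(array $config, $signature, $secret, $now)
{
    if (!is_string($signature) || !isset($config['expires'])) {
        return false;
    }
    $expected = sign_configuration($config, $secret);
    if (!hash_equals($expected, $signature)) { // hash_equals() needs PHP >= 5.6
        return false;
    }
    return (int) $config['expires'] >= $now; // reject stale quotes after price changes
}

// Constructed sample request
$now = time();
$config = array(
    'sku'     => 'CUSTOM-TABLE',
    'options' => array('width' => 120, 'wood' => 'oak'),
    'price'   => '349.00',
    'expires' => $now + 900,
);
$signature = sign_configuration($config, SHARED_SECRET);
$tampered = $config;
$tampered['price'] = '1.00'; // price edited in the browser
var_dump(verify_configuration($config, $signature, SHARED_SECRET, $now));
var_dump(verify_configuration($tampered, $signature, SHARED_SECRET, $now));
```

The signature travels through the browser alongside the configuration; only the secret has to stay on the two servers.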
Disclaimer: This is not a solution to the XML-RPC issue, but a workaround you could attempt
This solution will use direct SQL which is safe in this instance as there are not any default triggers which would be thrown on updating of the weight attribute.
Find out your weight attribute id & type. You can do this by navigating through Catalog → Attributes → Manage Attributes. Filter by the weight attribute and edit it.
In the URL you will find the attribute_id, like this:
www.yourstore.com/admin/catalog_product_attribute/edit/attribute_id/65/key/...
Once you have the attribute code, you just need to know whether the value is in int, decimal or text format, which will be stored in the _int, _decimal, _varchar EAV tables.
Magento by default creates the weight attribute in the varchar table.
Your solution script would be:
<?php
// Bootstrap Magento (assumes this script sits in the Magento root directory)
require_once 'app/Mage.php';
Mage::app();

$connection_write = Mage::getSingleton('core/resource')->getConnection('core_write');
$attribute_id = 65; //your weight attribute id
$products = array(1,2,3,4); //your product id array
foreach ($products as $product_id) {
    //this is assuming it is stored within the varchar table (other options are _int or _decimal)
    $sql = 'UPDATE `catalog_product_entity_varchar` SET `value` = ? WHERE `entity_id` = ? AND `attribute_id` = ?';
    //values are bound as parameters, so they are never concatenated into the SQL string
    //should this be in the _int or _decimal table, you'd omit the quotation marks around the value
    $connection_write->query($sql, array("3.14", $product_id, $attribute_id));
}
echo "Complete";
?>
Once you run your script, your products will update extremely quickly, likely in a matter of seconds.
Heads up:
- To be safe, back up your website & database prior to running the script
- Run a full cache & reindex thereafter
Let me know if you have any troubles.
Best Answer
Not sure why a Magento plugin in and of itself would be too technical, especially if instructed to install via Magento Connect.
Which could build an accessible XML feed for you so you could scrape/retrieve the feed via HTTP without worrying about a changing theme layer.
I don't think this is the one click answer you're looking for, but an 'alternative' solution could be to have clients upload a custom script that you provide.
That script could be run via cron, and would perform periodic dumps of specified DB tables (i.e. no tables which contain 'sensitive business data').
Each dump could be retrieved via ssh/sftp if you have access to that, a public facing folder / email if not. Setting up a cron task via cPanel would be pretty easy for the average user.
That would give you the most complete dataset, although not without its glaring downsides.
As a side note, an XPath parser for web scraping is an elegant tool, and could be implemented in a way to be mostly theme agnostic if it comes to that.