Just bought some script - is it safe?

[JTapp]

I don't know if you guys can help me with this or not...

 

I just bought some script for my client via PayPal.

It's a simple OptIn script for their newsletter.  It allows them to manage it without going into MySQL.

 

However, I usually buy USA - this is from St. Vincent & the Grenadines (see their websites below)

I'm fairly new at all of this and most of the time I'm not sure what I'm looking at in the code.

I'm wondering if I need to be worried about their compromising my client's data.

The software was $37 and included four php files.

 

http://islandlimited.net

http://planenews.com

PGP Key: http://keskydee.com/gil.asc

[bilis_money]

If you buy it as commercial version.

 

then consider it's safe.

 

but if you are in doubt. you can review the codes piece by piece.

 

[corbin]

bilis_money, just because something wasn't free doesn't mean it's legit.

 

I would probably glance through the PHP files and look for any outgoing data that doesn't go to PayPal.

[Ge64]

I would probably glance through the PHP files and look for any outgoing data that doesn't go to PayPal.

 

I think he means he bought the script using PayPal, not that the script does any money-related stuff...

[garry]

Just scan it for any foreign I.P addresses or websites and if you can't find any then you should be fine.

[micmania1]

I reccomend creating somewhere purposly built for testing the script, and post it in the BETA section asking people to find vulnrabilities.

[JTapp]

Thanks for all of your insight.

The script has an online demo if anybody wants to look at it.

It is:

 

Here is an online demo of what the end user would see: http://keskydee.com/demos/optin/optin.php

 

Here is an online demo of the administrative piece: http://keskydee.com/demos/optin/admin/index.php