With any complex system there are things that might not be immediately obvious but are nonetheless important to understand and consider to ensure you're making the best decisions for your project. This is especially true with ecommerce, which collects sensitive information. None of the information on this page is intended to scare you; rather, it's to help you make good decisions based on your unique needs.

Because of how FoxyCart's checkout works in determining automatically if a user is a returning customer or not, it would be possible for an attacker to enter an email address and see if that email is attached to a saved customer account. For example, if you enter john.doe@example.com onto the checkout, it will respond differently if that email is new versus if that email is from a returning customer.

If you're selling items that people might want to keep private, you may want to force guest checkouts only, so no email is ever saved in this way.

This is a somewhat common issue across the internet, and the alternative is to provide a very poor user experience in most situations. Example: You visit the checkout, enter your email and password, and get an error. But the error doesn't tell you if the email is wrong, or the password is wrong. You have no idea which email you even used, because the system doesn't want to leak this data. So you're left scratching your head wondering which of your 5 email addresses you actually used to register last year, or whether you registered at all. That's not conducive to a quick and easy checkout process, but if you don't want this potential privacy concern you can force guest checkout only.

(Also, to be clear: The attacker would have to know the email address ahead of time. We're not saying that an attacker can discover all the email addresses for all your customers.)

Please give this primer a read. It's good stuff.