I would use them, but I am simply not happy with the level of integration that is involved. I feel like with these systems you are always shaving corners off a square to fit it in a round hole. Also the amount of time I vist sites and think to myself "Oh here we go!, another OSCommerce site". At the same time I hate the idea of re-inventing the wheel.

Security is a massive concern of mine and something I generally don't skimp on. Although if designed with security in mind, while keeping the code as simple as possible then I should be able to at least develop something relatively secure. I have spent some time over the past few weeks looking at open source e-commerce and CMS systems and they just seem bloated and overly complex (and therfore more risky from a security perspective). At the same time I know if I write something myself, then I'm the only one responsible for supporting it, as opposed to a community.

At the moment I'm not really interested in creating another "packaged application" so to speak, but rather an e-commerce website. Yes as I design the system, I should be able to reuse components, but I'm definately seperating the business logic from the presentation code. I believe that the likes of what is available already just tries to do too much as opposed to the classic goals of open source software which was do something small and do it well. The problem is though that the likes of OSCommerce, etc, are designed to be accessible to non-programmers. There doesn't seem to be any middle ground. It's like you're either using vi or frontpage.

Yes I know exactly what you mean and I agree that the project scope can often get out of control, but if designed properly I believe can be managed. With regards your example above, I don't think developing such functionality would take much time as I'm certain I developed CMS functionality before which offered such flexibility.

Any pointers as to how this works. I see the challenge of developing an e-commerce site broken up in to the following areas

1. Site presentation
2. CMS for adding/removing/updating the catalog (and anything else on the site that requires dynamic content)
3. Shopping Cart tracking (and sometimes saving), my experience with something like that to date would be coming from the J2EE (JSP, EJB) world, but I'm sure is straight forward in PHP also (for smaller projects).
4. User Account Management
5. Notification Services
6. Interactions with the respective payment gateway
7. Security

I see all of the above as discrete and very much not tied in together. Of course the presentation layer will appear to tie them all together, but from a design perspective I see them as seperate problems. Apologies if I'm missing something here. Listen I don't want to sound in any way arrogant in my posts on this subject. I can code, I have experience with web based systems. I believe I understand the popular problems (at least) associated with delivering such systems, but I am very much raising my hand as a newbie to this area of e-commerce. So feel free to wave your flags of experience, I very much appreciate any help offered and respect your opinons/advice.

I am the very same, and furthermore would leave based on the grounds of the level of information being requested, regardless of how secure the session is. But on the subject of SSL, is there a 1:1 relationship between a fixed IP hosting plan and a SSL cert, or is it on a per website basis?. As well as securing the wire, by passing comms over SSL and verifying identities, what else from an infrastructure/hosting point of view do I need to be concerned with?

I appreciate very much your time