[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [mv] Minivend configuration issues
****** message to minivend-users from Murray Gibbins <murray@scotweb.ltd.uk> ******
Bobby Hitt wrote:
> - When an order is placed, all the fields are filled in except the credit
> card number. Is there a way to not have to do this? The client has entered a
> userid and password, so why have to enter the number?
Never, ever store credit card details on disk. If you __have__ to store them use
a one-way hash.
Sending credit card details to someones browers just because they have an active
session is not good security. They might have gone to make a cup of tea, or they
might be in a internet cafe, and left with out killing there session first.
Idiom -: users are stupid as sh*t !
--
____
\__/ Murray Gibbins murray@scotweb.ltd.uk
/ \ Programmer
_ \__/ _ ================================================
\\ || // Scotweb Limited, info@scotweb.ltd.uk
\\||// 13a Albert Terrace, http://www.scotweb.ltd.uk
\||/ Edinburgh EH10 5EA Tel: +44 (0) 131 270 82 33
|| Scotland. Europe. Fax: +44 (0) 7020 93 49 04
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
