Re: Permissions Ignored - PLEASE HELP

This WebDNA talk-list message is from 2003.


It sounds like you have the bases covered, but my advice would be watch out.
*You* will be held responsible should the credit card number fall into the wrong hands, not the client.

How can you be certain the client will properly control access on their end? Sure the site is password protected, but how stringent is the security going to be on their network/computers? I'd hate to see you get burned by a client that can't or won't pony up the $500 measly bucks to do things right. ;)

--
Will Starck
NovaDerm Skincare Science
http://www.novaderm.com
wjs@novaderm.com

On Wednesday, January 22, 2003, at 09:58 AM, Kimberly D. Walls wrote:

> I have a client that is selling goods, doesn't want to go to the expense of
> live transactions right now, so he wants to receive the order information
> and charge the buyer's credit card manually. Right now, once the cart is
> purchased, an email is sent to the client that includes a link to a template
> that shows the order information, including the credit card number.
>
> In the template, I use [orderfile] and I have added the [protect] tag. The
> template is also covered by the client's SSL certificate. The [protect]
> obviously requires that he enter his username and password to view the data.
>
> I want to provide the best of security, but I'm new to this realm of the
> web... so honestly, I don't know all bases to cover. Is this adequate
> protection? Is there anything else I should do? I don't quite understand
> what you mean by setting up the web identity based on the IP address. My
> client doesn't have a static IP, and even so, would like to access the order
> information from various locations, due to his extensive traveling.
>
> -----Original Message-----
> From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com] On Behalf Of John Peacock
> Sent: Wednesday, January 22, 2003 10:38 AM
> To: WebCatalog Talk
> Subject: Re: Permissions Ignored - PLEASE HELP
>
> Kimberly D. Walls wrote:
>> More specifically, do you recommend I use [protect] for everything? Credit
>> card numbers as well?
>
> [Protect] has nothing directly to do with credit card numbers; it is strictly
> there to require authentication to access a given template, regardless of what
> is contained within that template.
>
> FYI, what we currently do is e-mail customer service a link to a template that
> is not accessible on the public network (i.e. a web identity which only exists
> for IP addresses inside our network). Additionally, only users with a password
> in the users.db can even open up that page (so the link by itself is harmless
> even internally).
>
> John
>
> --
> John Peacock
> Director of Information Research and Technology
> Rowman & Littlefield Publishing Group
> 4720 Boston Way
> Lanham, MD 20706
> 301-459-3366 x.5010
> fax 301-429-5747

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Permissions Ignored - PLEASE HELP (Alain Russell 2003)
  2. Re: Permissions Ignored - PLEASE HELP (Stuart Tremain 2003)
  3. Re: Permissions Ignored - PLEASE HELP (Gary Krockover 2003)
  4. Re: Permissions Ignored - PLEASE HELP (Alain Russell 2003)
  5. Re: Permissions Ignored - PLEASE HELP (Andrew Simpson 2003)
  6. Re: Permissions Ignored - PLEASE HELP (Alex McCombie 2003)
  7. Re: Permissions Ignored - PLEASE HELP (Andrew Simpson 2003)
  8. Re: Permissions Ignored - PLEASE HELP (Kenneth Grome 2003)
  9. Re: Permissions Ignored - PLEASE HELP (Bob Minor 2003)
  10. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  11. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  12. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  13. Re: Permissions Ignored - PLEASE HELP (WJ Starck 2003)
  14. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  15. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  16. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  17. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  18. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  19. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  20. Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)