Re: Permissions Ignored - PLEASE HELP

This WebDNA talk-list message is from 2003.


WJ Starck wrote:

> It sounds like you have the bases covered, but my advice would be watch out.
>
> *You* will be held responsible should the credit card number fall into the wrong hands, not the client.

I think it is always wise for a developer to put things in a contract that cover situations like this. A developer has no control on what changes might take place after it leaves their hands, therefore cannot be responsible for mishaps. PUT IT IN THE CONTRACT.

Donovan

> How can you be certain the client will properly control access on their end? Sure the site is password protected, but how stringent is the security going to be on their network/computers? I'd hate to see you get burned by a client that can't or won't pony up the $500 measly bucks to do things right.
>
> ;)
>
> --
> Will Starck
> NovaDerm Skincare Science
> http://www.novaderm.com
> wjs@novaderm.com
>
> On Wednesday, January 22, 2003, at 09:58 AM, Kimberly D. Walls wrote:
>
>> I have a client that is selling goods, doesn't want to go to the expense of live transactions right now, so he wants to receive the order information and charge the buyer's credit card manually. Right now, once the cart is purchased, an email is sent to the client that includes a link to a template that shows the order information, including the credit card number.
>>
>> In the template, I use [orderfile] and I have added the [protect] tag. The template is also covered by the client's SSL certificate. The [protect] obviously requires that he enter his username and password to view the data.
>>
>> I want to provide the best of security, but I'm new to this realm of the web... so honestly, I don't know all bases to cover. Is this adequate protection? Is there anything else I should do? I don't quite understand what you mean by setting up the web identity based on the IP address. My client doesn't have a static IP, and even so, would like to access the order information from various locations, due to his extensive traveling.
>>
>> -----Original Message-----
>> From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com] On Behalf Of John Peacock
>> Sent: Wednesday, January 22, 2003 10:38 AM
>> To: WebCatalog Talk
>> Subject: Re: Permissions Ignored - PLEASE HELP
>>
>> Kimberly D. Walls wrote:
>>
>>> More specifically, do you recommend I use [protect] for everything? Credit card numbers as well?
>>
>> [Protect] has nothing directly to do with credit card numbers; it is strictly there to require authentication to access a given template, regardless of what is contained within that template.
>>
>> FYI, what we currently do is e-mail customer service a link to a template that is not accessible on the public network (i.e. a web identity which only exists for IP addresses inside our network). Additionally, only users with a password in the users.db can even open up that page (so the link by itself is harmless even internally).
>>
>> John
>>
>> --
>> John Peacock
>> Director of Information Research and Technology
>> Rowman & Littlefield Publishing Group
>> 4720 Boston Way
>> Lanham, MD 20706
>> 301-459-3366 x.5010
>> fax 301-429-5747
>>
>> -------------------------------------------------------------
>> This message is sent to you because you are subscribed to the mailing list .
>> To unsubscribe, E-mail to:
>> To switch to the DIGEST mode, E-mail to
>> Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Permissions Ignored - PLEASE HELP (Alain Russell 2003)
  2. Re: Permissions Ignored - PLEASE HELP (Stuart Tremain 2003)
  3. Re: Permissions Ignored - PLEASE HELP (Gary Krockover 2003)
  4. Re: Permissions Ignored - PLEASE HELP (Alain Russell 2003)
  5. Re: Permissions Ignored - PLEASE HELP (Andrew Simpson 2003)
  6. Re: Permissions Ignored - PLEASE HELP (Alex McCombie 2003)
  7. Re: Permissions Ignored - PLEASE HELP (Andrew Simpson 2003)
  8. Re: Permissions Ignored - PLEASE HELP (Kenneth Grome 2003)
  9. Re: Permissions Ignored - PLEASE HELP (Bob Minor 2003)
  10. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  11. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  12. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  13. Re: Permissions Ignored - PLEASE HELP (WJ Starck 2003)
  14. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  15. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  16. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  17. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  18. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  19. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  20. Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
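The two-layer arrangement John Peacock describes in the quoted message (a page reachable only from internal addresses, plus a password on record) can be sketched as follows. This is an added example in Python, not WebDNA and not code from the thread; the network range, user name, password and function names are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import os

# Constructed sample values (assumptions, not taken from the thread).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def _derive(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = os.urandom(16)
USERS = {"custserv": (_SALT, _derive("correct horse battery", _SALT))}


def is_internal(remote_addr: str) -> bool:
    """Layer 1: the page only exists for addresses inside the network."""
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # unparseable address: fail closed
    return any(ip in net for net in INTERNAL_NETS)


def credentials_ok(user, password) -> bool:
    """Layer 2: only users with a password on record may open the page."""
    if user is None or password is None or user not in USERS:
        return False
    salt, expected = USERS[user]
    return hmac.compare_digest(_derive(password, salt), expected)


def may_view_order(remote_addr, user=None, password=None):
    """Return (allowed, reason); both layers must pass."""
    if not is_internal(remote_addr):
        return (False, "not-internal")
    if not credentials_ok(user, password):
        return (False, "auth-required")
    return (True, "ok")


if __name__ == "__main__":
    print(may_view_order("10.1.2.3"))  # e-mailed link followed with no login
    print(may_view_order("203.0.113.7", "custserv", "correct horse battery"))
    print(may_view_order("10.1.2.3", "custserv", "correct horse battery"))
```

The second call is the case Kimberly raises: a user with valid credentials but no fixed internal address is refused by the first layer, so for a travelling client only the authentication layer (over SSL) remains.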
