Re: Permissions Ignored - PLEASE HELP
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 47060
interpreted = N
texte = WJ Starck wrote:

> It sounds like you have the bases covered, but my advice would be watch out.
>
> *You* will be held responsible should the credit card number fall into the wrong hands, not the client.

I think it is always wise for a developer to put things in a contract that cover situations like this. A developer has no control on what changes might take place after it leaves their hands, therefore cannot be responsible for mishaps. PUT IT IN THE CONTRACT.

Donovan

> How can you be certain the client will properly control access on their end? Sure the site is password protected, but how stringent is the security going to be on their network/computers? I'd hate to see you get burned by a client that can't or won't pony up the $500 measly bucks to do things right.
>
> ;)
>
> --
> Will Starck
> NovaDerm Skincare Science
> http://www.novaderm.com
> wjs@novaderm.com
>
> On Wednesday, January 22, 2003, at 09:58 AM, Kimberly D. Walls wrote:
>
>> I have a client that is selling goods, doesn't want to go to the expense of live transactions right now, so he wants to receive the order information and charge the buyer's credit card manually. Right now, once the cart is purchased, an email is sent to the client that includes a link to a template that shows the order information, including the credit card number.
>>
>> In the template, I use [orderfile] and I have added the [protect] tag. The template is also covered by the client's SSL certificate. The [protect] obviously requires that he enter his username and password to view the data.
>>
>> I want to provide the best of security, but I'm new to this realm of the web... so honestly, I don't know all bases to cover. Is this adequate protection? Is there anything else I should do? I don't quite understand what you mean by setting up the web identity based on the IP address. My client doesn't have a static IP, and even so, would like to access the order information from various locations, due to his extensive traveling.
>>
>> -----Original Message-----
>> From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com] On Behalf Of John Peacock
>> Sent: Wednesday, January 22, 2003 10:38 AM
>> To: WebCatalog Talk
>> Subject: Re: Permissions Ignored - PLEASE HELP
>>
>> Kimberly D. Walls wrote:
>>
>>> More specifically, do you recommend I use [protect] for everything? Credit card numbers as well?
>>
>> [Protect] has nothing directly to do with credit card numbers; it is strictly there to require authentication to access a given template, regardless of what is contained within that template.
>>
>> FYI, what we currently do is e-mail customer service a link to a template that is not accessible on the public network (i.e. a web identity which only exists for IP addresses inside our network). Additionally, only users with a password in the users.db can even open up that page (so the link by itself is harmless even internally).
>>
>> John
>>
>> --
>> John Peacock
>> Director of Information Research and Technology
>> Rowman & Littlefield Publishing Group
>> 4720 Boston Way
>> Lanham, MD 20706
>> 301-459-3366 x.5010
>> fax 301-429-5747
>>
>> -------------------------------------------------------------
>> This message is sent to you because you are subscribed to
>> the mailing list .
>> To unsubscribe, E-mail to:
>> To switch to the DIGEST mode, E-mail to
>> Web Archive of this list is at: http://webdna.smithmicro.com/
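The two-layer arrangement John Peacock describes in the thread above (an order template reachable only from internal addresses, plus a password held in users.db), sketched in Python as an added example that is not part of the thread and is not WebDNA code. The network ranges, the user table, the sample credentials and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

# Assumed internal ranges (constructed sample values, not from the thread).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
_SALT = b"constructed-salt"  # constructed; use a random per-user salt in practice


def derive(password: str, salt: bytes) -> bytes:
    """Derive a password verifier so the user table never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Hypothetical stand-in for users.db: username -> (salt, derived key).
USERS = {"custserv": (_SALT, derive("correct horse", _SALT))}


def on_internal_network(client_ip: str) -> bool:
    """Layer 1: the template only 'exists' for internal source addresses.

    client_ip must be the socket peer address seen by the server, not a
    client-supplied header such as X-Forwarded-For.
    """
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparseable address: fail closed
    return any(addr in net for net in INTERNAL_NETS)


def credentials_ok(username, password) -> bool:
    """Layer 2: a password on file is required even for internal users."""
    if not username or not password:
        return False
    # Unknown users still cost one derivation and compare against an empty key.
    salt, stored = USERS.get(username, (_SALT, b""))
    return hmac.compare_digest(derive(password, salt), stored)


def may_view_order(client_ip, username=None, password=None) -> str:
    """Both layers must pass; the e-mailed link alone grants nothing."""
    if not on_internal_network(client_ip):
        return "deny: not on internal network"
    if not credentials_ok(username, password):
        return "deny: authentication required"
    return "allow"
```

The first branch is the layer a travelling client without a static IP cannot satisfy, which is the limitation Kimberly raises: valid credentials presented from an outside address are still refused.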
Associated Messages, from the most recent to the oldest:
Donovan