Re: Permissions Ignored - PLEASE HELP
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 47108
interpreted = N
texte = >those credit card numbers are still stored in the individual orderfiles,>therefore... YES, it is MY responsibility to protect those numbers.First, the info in the order files should be written to a database, with the credit card numbers encrypted.Second, the order files should be DELETED immediately after each transaction is completed -- to prevent anyone from being able to download them, and to prevent anyone with username/password access from seeing the UNENCRYPTED credit card values in those files.Third, all your webdna templates and include files should be encrypted -- to prevent anyone from seeing the SEED value you used to encrypt the credit card values when storing them in your database file.Fourth, you should *NEVER* display the full credit card number on any web page, even when you're decrypting those values for some reason. Instead you should display only the last 3 or 4 digits of the number on the page.Sincerely,Kenneth Grome---------------------------------------------------WebDNA Professional Training and Development Center175 J. Llorente Street +63 (32) 255-6921Cebu City, Cebu 6000 kengrome@webdna.netPhilippines http://www.webdna.net----------------------------------------------------------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
>those credit card numbers are still stored in the individual orderfiles,>therefore... YES, it is MY responsibility to protect those numbers.First, the info in the order files should be written to a database, with the credit card numbers encrypted.Second, the order files should be DELETED immediately after each transaction is completed -- to prevent anyone from being able to download them, and to prevent anyone with username/password access from seeing the UNENCRYPTED credit card values in those files.Third, all your webdna templates and include files should be encrypted -- to prevent anyone from seeing the SEED value you used to encrypt the credit card values when storing them in your database file.Fourth, you should *NEVER* display the full credit card number on any web page, even when you're decrypting those values for some reason. Instead you should display only the last 3 or 4 digits of the number on the page.Sincerely,Kenneth Grome---------------------------------------------------WebDNA Professional Training and Development Center175 J. Llorente Street +63 (32) 255-6921Cebu City, Cebu 6000 kengrome@webdna.netPhilippines http://www.webdna.net----------------------------------------------------------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Kenneth Grome
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
OT: Heads-up to Smith Micro staff (2002)
FM and Webcat together? (1998)
Online reference (1997)
2.0Beta Command Ref (can't find this instruction) (1997)
[WebDNA] v 7 append (2012)
Freeze (2003)
WebCat2b15MacPlugin - [protect] (1997)
WCf2 and nested tags (1997)
WCS Newbie question (1997)
Displaying photo attached to first record (1997)
Updating Prices in Online Database (1999)
[founditems][replacefounditems] (2003)
Logging purchases (1997)
emailer (1997)
WebCat2: Found Items syntax, etc. (1997)
Simple way to create unique SKU (1997)
More on the email templates (1997)
[WebDNA] triggers.db "next execute" fails to update (2012)
NT considerations (1997)
Simple Database close connection (2001)