Re: Permissions Ignored - PLEASE HELP

This WebDNA talk-list message is from 2003. It keeps the original formatting.
numero = 47060
interpreted = N
texte =
WJ Starck wrote:

> It sounds like you have the bases covered, but my advice would be
> watch out.
>
> *You* will be held responsible should the credit card number fall into
> the wrong hands, not the client.

I think it is always wise for a developer to put things in a contract that cover situations like this. A developer has no control on what changes might take place after it leaves their hands, therefore cannot be responsible for mishaps. PUT IT IN THE CONTRACT.

Donovan

> How can you be certain the client will properly control access on
> their end? Sure the site is password protected, but how stringent is
> the security going to be on their network/computers? I'd hate to see
> you get burned by a client that can't or won't pony up the $500 measly
> bucks to do things right.
>
> ;)
>
> --
>
> Will Starck
> NovaDerm Skincare Science
> http://www.novaderm.com
> wjs@novaderm.com
>
> On Wednesday, January 22, 2003, at 09:58 AM, Kimberly D. Walls wrote:
>
>> I have a client that is selling goods, doesn't want to go to the
>> expense of live transactions right now, so he wants to receive the
>> order information and charge the buyer's credit card manually. Right
>> now, once the cart is purchased, an email is sent to the client that
>> includes a link to a template that shows the order information,
>> including the credit card number.
>>
>> In the template, I use [orderfile] and I have added the [protect]
>> tag. The template is also covered by the client's SSL certificate.
>> The [protect] obviously requires that he enter his username and
>> password to view the data.
>>
>> I want to provide the best of security, but I'm new to this realm of
>> the web... so honestly, I don't know all bases to cover. Is this
>> adequate protection? Is there anything else I should do? I don't
>> quite understand what you mean by setting up the web identity based
>> on the IP address. My client doesn't have a static IP, and even so,
>> would like to access the order information from various locations,
>> due to his extensive traveling.
>>
>> -----Original Message-----
>> From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com] On Behalf
>> Of John Peacock
>> Sent: Wednesday, January 22, 2003 10:38 AM
>> To: WebCatalog Talk
>> Subject: Re: Permissions Ignored - PLEASE HELP
>>
>> Kimberly D. Walls wrote:
>>
>>> More specifically, do you recommend I use [protect] for everything?
>>> Credit card numbers as well?
>>
>> [Protect] has nothing directly to do with credit card numbers; it is
>> strictly there to require authentication to access a given template,
>> regardless of what is contained within that template.
>>
>> FYI, what we currently do is e-mail customer service a link to a
>> template that is not accessible on the public network (i.e. a web
>> identity which only exists for IP addresses inside our network).
>> Additionally, only users with a password in the users.db can even
>> open up that page (so the link by itself is harmless even
>> internally).
>>
>> John
>>
>> --
>> John Peacock
>> Director of Information Research and Technology
>> Rowman & Littlefield Publishing Group
>> 4720 Boston Way
>> Lanham, MD 20706
>> 301-459-3366 x.5010
>> fax 301-429-5747
>>
>> -------------------------------------------------------------
>> This message is sent to you because you are subscribed to
>> the mailing list .
>> To unsubscribe, E-mail to:
>> To switch to the DIGEST mode, E-mail to
>> Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Permissions Ignored - PLEASE HELP (Alain Russell 2003)
  2. Re: Permissions Ignored - PLEASE HELP (Stuart Tremain 2003)
  3. Re: Permissions Ignored - PLEASE HELP (Gary Krockover 2003)
  4. Re: Permissions Ignored - PLEASE HELP (Alain Russell 2003)
  5. Re: Permissions Ignored - PLEASE HELP (Andrew Simpson 2003)
  6. Re: Permissions Ignored - PLEASE HELP (Alex McCombie 2003)
  7. Re: Permissions Ignored - PLEASE HELP (Andrew Simpson 2003)
  8. Re: Permissions Ignored - PLEASE HELP (Kenneth Grome 2003)
  9. Re: Permissions Ignored - PLEASE HELP (Bob Minor 2003)
  10. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  11. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  12. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  13. Re: Permissions Ignored - PLEASE HELP (WJ Starck 2003)
  14. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  15. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  16. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  17. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  18. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  19. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  20. Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
