Re: [PHP] Storing password in cookie

Posted by trlists on 10/10/60 11:13

On 14 Apr 2005 Chris Shiflett wrote:

> When a user enters a credit card number, there may likely be a
> verification step before the actual purchase is made. It's better to
> keep this number on the server (in the session data store) than to
> unnecessarily expose it over the Internet again (SSL mitigates the risk,
> but an unnecessary risk is still worth avoiding).
>
> Being mindful of this, it's also helpful to not even display it to the
> user, instead showing only the last four digits or something, because
> this display also counts as exposure (since it's in the response).

There is one case where redisplaying the number (via https) makes sense
to me -- when it fails a verification check. The obvious example is a
simple check-digit error due to a typing error on the user's part. In
this case the option is either expecting the user to retype the entire
number every time they make a mistake, or accepting the -- to me
minimal -- risk in sending it back for editing when redisplaying the
form and error message. But doing that does require putting the CC #
in some form into session storage (or some kind of storage) in the case
where the processing / validation and display scripts are separate and
the processing script needs to pass posted data back for redisplay.

Re last four digits, I have noticed that many sites seem to be going to
showing the last five or six, first four plus last four, etc.
Apparently people are finding that last four alone isn't sufficient for
users to recognize the card.


--
Tom
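
The flow discussed in this message, as an added example that is not part of the original post: the processing script runs the check-digit (Luhn) test, hands the raw entry back for editing only when that test fails, and otherwise gives the display script just a masked form. The function names, session keys and sample numbers are assumptions made for the illustration.

```php
<?php
// Added illustration; function names and session keys are hypothetical.

// Luhn check-digit test: catches single-digit typos and most adjacent swaps.
function luhn_valid(string $pan): bool
{
    $digits = preg_replace('/[ -]/', '', $pan);
    if (!preg_match('/\A\d{12,19}\z/', $digits)) {
        return false;
    }
    $sum = 0;
    for ($i = strlen($digits) - 1, $double = false; $i >= 0; $i--, $double = !$double) {
        $d = (int) $digits[$i] * ($double ? 2 : 1);
        $sum += $d > 9 ? $d - 9 : $d;
    }
    return $sum % 10 === 0;
}

// Mask for display: only the last four digits reach the response.
function mask_pan(string $pan): string
{
    $digits = preg_replace('/\D/', '', $pan);
    return str_repeat('*', max(0, strlen($digits) - 4)) . substr($digits, -4);
}

// Processing script: decide what the separate display script may show.
// $session stands in for $_SESSION so the function can be run on its own.
function handle_card_post(string $posted, array &$session): array
{
    if (!luhn_valid($posted)) {
        // Failed check: hold the raw entry for the edit form only.
        // The display script must escape it and unset the key after use.
        $session['cc_redisplay'] = $posted;
        return ['ok' => false, 'field' => $posted,
                'error' => 'Card number failed the check-digit test.'];
    }
    // Passed: the full number stays server-side, the response gets the mask.
    unset($session['cc_redisplay']);
    $session['cc_number'] = preg_replace('/\D/', '', $posted);
    return ['ok' => true, 'field' => mask_pan($posted), 'error' => null];
}

// Constructed sample input: a common test number and a one-digit typo of it.
$session = [];
foreach (['4111 1111 1111 1111', '4111 1111 1111 1112'] as $entry) {
    $result = handle_card_post($entry, $session);
    echo ($result['ok'] ? 'accepted: ' : 'redisplay: ') . $result['field'] . PHP_EOL;
}
```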

 
