Potentially passing through a hidden form variable is at more risk than
session variables! I can do a view source on the page to view the hidden
form fields. But it takes more to guess the CFID & CFToken if it's never
visible for the user to see :-)
-----Original Message-----
From: Byron M [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 13 April 2000 3:22 PM
To: [EMAIL PROTECTED]
Subject: RE: Storing Credit Card info in Session variable
As with anything on the internet, you are never completely safe.
I personally would not do it that way. I would get the CC number and pass
it via a hidden form field and be on a server with SSL. But I think the
only way someone could access a client's session vars is if they had the
CFID and CFTOKEN. If they could access that then they could probably do a
lot more harm to your site than taking someone's CC number. If you are
using session vars then potentially someone could sit at a machine someone
just got off and use those same session vars depending on how your site is
coded. I.e., are you setting the session vars to zero after you are done
with them?
Byron
-----Original Message-----
From: Ken M. Mevand [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 13, 2000 12:07 AM
To: 02 cf-talk
Subject: Storing Credit Card info in Session variable
I'm storing shopping cart information in a session structure, together with
the credit card information. Is this safe?
Thanks
----------------------------------------------------------------------------
--
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.