Yep, Shawn, but I realize this is a subject about which some are passionate (and I don’t mean Dean, who has rightfully earned his place in the security pantheon), but I mean others who may have heard bad things about CFFORM (whether they really ever affirmed any issues) and would want to warn others or claim that my suggestion was naïve and leading lambs to slaughter. :-)
I’ve seen it so often over the years, that I just didn’t want to have them kick the door in to make their point but rather just open the door so they could make their point without any violence. :-) /charlie From: [email protected] [mailto:[email protected]] On Behalf Of shawn gorrell Sent: Wednesday, March 10, 2010 1:14 PM To: [email protected] Subject: Re: [ACFUG Discuss] validating credit card numbers with CF Why wouldn't someone use CFFORM for the client side convenience (not validation, because it is not validation)? If it meets your needs, it is often the fastest way. Purists like that are part of the reason why I have problems with the development community at large. Why make anything any more complex than absolutely necessary? We're in the business of solving functional and non-functional requirements, and there are no style points awarded for being a cool-guy programmer. _____ From: Charlie Arehart <[email protected]> To: [email protected] Sent: Wed, March 10, 2010 12:38:10 PM Subject: RE: [ACFUG Discuss] validating credit card numbers with CF And while the back-end validation is of course vital, if you want to do it on the front-end as well (in Javascript), note that it’s a built-in feature of CFINPUT, validate=”creditcard”. Yes, yes, I know that purists would never use CFFORM, and I know that you can’t rely on client-side validation for security because it can be circumvented and won’t work if JS is disabled on the browser, yadda, yadda. That’s why I note that this would be subsidiary to server-side validation. Still, it’s a lot more user-friendly to catch it on the front-end first, if you can. All that said, I suppose some will still have more to say. Shields up. Engage. :-) /charlie ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
