Having written cc validation in CF, JS, and AS for formally living clients (OK, yes, I did it in Java and C++ as an exercise), I can authoritatively say "unless you work for a company that actually processes credit transactions" - you are only filtering the actual validation.
Bottom line: if the credit card service rejects the transaction, your job is done (and perhaps 'done for'): other than 'informing the user'. If you are, in fact the end validator of the validatee - then any filtering you can do on the client (yes, I said filtering not validation) is a no brainer. I think even most banks send their 'validation' back to a central store for processing of actual validity. Filter away my friends... On Wed, Mar 10, 2010 at 12:03 PM, shawn gorrell <[email protected]> wrote: > I love CFFORM. Works really great, until it doesn't. > > I think Dean's objection would be that people think it offers client-side > validation. Some folks get confused and think that has something to do with > security. > > ------------------------------ > *From:* Charlie Arehart <[email protected]> > *To:* [email protected] > *Sent:* Wed, March 10, 2010 2:14:08 PM > > *Subject:* RE: [ACFUG Discuss] validating credit card numbers with CF > > Yep, Shawn, but I realize this is a subject about which some are > passionate (and I don’t mean Dean, who has rightfully earned his place in > the security pantheon), but I mean others who may have heard bad things > about CFFORM (whether they really ever affirmed any issues) and would want > to warn others or claim that my suggestion was naïve and leading lambs to > slaughter. :-) > > I’ve seen it so often over the years, that I just didn’t want to have them > kick the door in to make their point but rather just open the door so they > could make their point without any violence. :-) > > > > /charlie > > > > *From:* [email protected] [mailto:[email protected]] *On Behalf Of *shawn > gorrell > *Sent:* Wednesday, March 10, 2010 1:14 PM > *To:* [email protected] > *Subject:* Re: [ACFUG Discuss] validating credit card numbers with CF > > > > Why wouldn't someone use CFFORM for the client side convenience (not > validation, because it is not validation)? If it meets your needs, it is > often the fastest way. > > Purists like that are part of the reason why I have problems with the > development community at large. Why make anything any more complex than > absolutely necessary? We're in the business of solving functional and > non-functional requirements, and there are no style points awarded for being > a cool-guy programmer. > > > ------------------------------ > > *From:* Charlie Arehart <[email protected]> > *To:* [email protected] > *Sent:* Wed, March 10, 2010 12:38:10 PM > *Subject:* RE: [ACFUG Discuss] validating credit card numbers with CF > > And while the back-end validation is of course vital, if you want to do it > on the front-end as well (in Javascript), note that it’s a built-in feature > of CFINPUT, validate=”creditcard”. > > Yes, yes, I know that purists would never use CFFORM, and I know that you > can’t rely on client-side validation for security because it can be > circumvented and won’t work if JS is disabled on the browser, yadda, yadda. > That’s why I note that this would be subsidiary to server-side validation. > Still, it’s a lot more user-friendly to catch it on the front-end first, if > you can. > > All that said, I suppose some will still have more to say. Shields up. > Engage. :-) > > > > /charlie > > > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by FusionLink <http://www.fusionlink.com> > ------------------------------------------------------------- > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by FusionLink <http://www.fusionlink.com> > ------------------------------------------------------------- > -- Darin Kohles RIA Developer
