When I say validation in this context, it is purely about data format, not validity of the card number. IMO, client side validation is only about convenience for the (legitimate) end user and saving a round trip to the server.
________________________________ From: Darin Kohles <[email protected]> To: [email protected] Sent: Thu, March 11, 2010 5:58:45 AM Subject: Re: [ACFUG Discuss] validating credit card numbers with CF Having written cc validation in CF, JS, and AS for formally living clients (OK, yes, I did it in Java and C++ as an exercise), I can authoritatively say "unless you work for a company that actually processes credit transactions" - you are only filtering the actual validation. Bottom line: if the credit card service rejects the transaction, your job is done (and perhaps 'done for'): other than 'informing the user'. If you are, in fact the end validator of the validatee - then any filtering you can do on the client (yes, I said filtering not validation) is a no brainer. I think even most banks send their 'validation' back to a central store for processing of actual validity. Filter away my friends... On Wed, Mar 10, 2010 at 12:03 PM, shawn gorrell <[email protected]> wrote: I love CFFORM. Works really great, until it doesn't. > >I think Dean's objection would be that people think it offers client-side >validation. Some folks get confused and think that has something to do with >security. > > > > ________________________________ From: Charlie Arehart <[email protected]> >To: [email protected] >Sent: Wed, March 10, 2010 2:14:08 PM > >Subject: RE: [ACFUG Discuss] validating credit card numbers with > CF > > > >> >Yep, Shawn, but I realize this is a subject about which some are >passionate (and I don’t mean Dean, who has rightfully earned his place in the >security pantheon), but I mean others who may have heard bad things about >CFFORM (whether they really ever affirmed any issues) and would want to warn >others or claim that my suggestion was naïve and leading lambs to slaughter. >:-) > >>I’ve seen it so often over the years, that I just didn’t want to have them >>kick >the door in to make their point but rather just open the door so they could >make their point without any violence. :-) > >> >/charlie > >> >> >From:[email protected] >[mailto:[email protected]] On Behalf Of shawn gorrell >Sent: Wednesday, March 10, 2010 1:14 PM >To: [email protected] >Subject: Re: [ACFUG Discuss] validating credit card numbers with CF > >> >> >Why >wouldn't someone use CFFORM for the client side convenience (not validation, >because it is not validation)? If it meets your needs, it is often the fastest >way. > >>Purists like that are part of the reason why I have problems with the >development community at large. Why make anything any more complex than >absolutely necessary? We're in the business of solving functional and >non-functional requirements, and there are no style points awarded for being a >cool-guy programmer. >> > >> >> ________________________________ > >From:Charlie Arehart ><[email protected]> >To: [email protected] >Sent: Wed, March 10, 2010 12:38:10 PM >Subject: RE: [ACFUG Discuss] validating credit card numbers with CF >> >And while the back-end validation is of course vital, if you >want to do it on the front-end as well (in Javascript), note that it’s a >built-in feature of CFINPUT, validate=”creditcard”. > >>Yes, yes, I know that purists would never use CFFORM, and I know that you >>can’t >rely on client-side validation for security because it can be circumvented and >won’t work if JS is disabled on the browser, yadda, yadda. That’s why I note >that this would be subsidiary to server-side validation. Still, it’s a lot more >user-friendly to catch it on the front-end first, if you can. > >>All that said, I suppose some will still have more to say. Shields up. Engage. >:-) > >> >/charlie > >------------------------------------------------------------- > > >To unsubscribe from this list, manage your profile @ > > >http://www.acfug.org?fa=login.edituserform > > >For more info, see http://www.acfug.org/mailinglists > >Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > >List hosted by FusionLink > >------------------------------------------------------------- > > > >> > >------------------------------------------------------------- > > >To unsubscribe from this list, manage your profile @ > > >http://www.acfug.org?fa=login.edituserform > > >For more info, see http://www.acfug.org/mailinglists > >Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > >List hosted by FusionLink > >------------------------------------------------------------- > > > -- Darin Kohles RIA Developer ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
