As with anything on the internet, you are never completely safe.
I personally would not do it that way. I would get the CC number and pass
it via a hidden form field and be on a server with SSL. But I think the
only way someone could access a client's session vars is if they had the
CFID and CFTOKEN. If they could access that then they could probably do a
lot more harm to your site than taking someone's CC number. If you are
using session vars then potentially someone could sit at a machine someone
just got off and use those same session vars depending on how your site is
coded. I.E. are you setting the session vars to zero after you are done
with them.
Byron
-----Original Message-----
From: Ken M. Mevand [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 13, 2000 12:07 AM
To: 02 cf-talk
Subject: Storing Credit Card info in Session variable
i'm storing shopping cart information in a session structure, together with
the credit card information. is this save?
thanks
----------------------------------------------------------------------------
--
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
