Yes, the session variables are deleted once the transaction is cleared, and
they are not stored in the DB.

So is it true that even with SSL, it's no guarantee that someone else may hit
upon the same CFID and CFTOKEN and the web server will not be able to tell
that it is a different person?


----- Original Message -----
From: Byron M <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 13, 2000 1:22 PM
Subject: RE: Storing Credit Card info in Session variable


>
> As with anything on the internet, you are never completely safe.
>
> I personally would not do it that way.  I would get the CC number and pass
> it via a hidden form field and be on a server with SSL.  But I think the
> only way someone could access a client's session vars is if they had the
> CFID and CFTOKEN.  If they could access that then they could probably do a
> lot more harm to your site than taking someone's CC number.  If you are
> using session vars then potentially someone could sit at a machine someone
> just got off and use those same session vars depending on how your site is
> coded.  I.e., are you setting the session vars to zero after you are done
> with them?
>
> Byron
>
> -----Original Message-----
> From: Ken M. Mevand [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 13, 2000 12:07 AM
> To: 02 cf-talk
> Subject: Storing Credit Card info in Session variable
>
>
> I'm storing shopping cart information in a session structure, together with
> the credit card information. Is this safe?
>
> thanks
>
> ------------------------------------------------------------------------------
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
>
