Consider that ultimate of all log files, a .dmp file. Everything is going to be in that, and they typically get automatically sent when something goes wrong.
Mike. On Thu, Dec 19, 2019, 09:03 Alan Ingleby <alan.ingl...@gmail.com> wrote: > I guess the key requirement here is "I'm about to write this string to a > log file, is there a chance there's a credit card number in here?". All > other things considered, this is reasonably good safeguard. I'd imaging if > the quick and dirty regex I listed picks anything up, you could do a > further mod10 to validate against valid credit card numbers etc. > > All seems a bit iffy though doesn't it. If a CC # has gotten its way to a > log file, you really need to question your developers. > > On Wed, 18 Dec 2019 at 23:11, Grant Maw <grant....@gmail.com> wrote: > >> I thought all credit cards use the Mod10 (Kuhn) algorithm. I seem to >> remember it being a safeguard against data entry errors back in the day, >> so this is possibly a hangover from those days. >> >> We never validate card numbers. We pass the card data to the processing >> gateway and let their APIs handle all that stuff. Less code for us to >> maintain. >> >> On Wed, 18 Dec. 2019, 3:33 pm Preet Sangha, <preetsan...@gmail.com> >> wrote: >> >>> Hi Ed, >>> >>> Thanks for that. We are an large enterprise platform doing thousands of >>> transactions via gateways - CC info is normally flowing through our code >>> except in the most secure of ways - we are PCI compliant. However to be >>> extra careful I'm trying to remove anything that looks like a known CC >>> shape from logging. It's to prevent issues in case someone inadvertently >>> stores CC in fields that they shouldn't. Yes there education but sometimes >>> mistakes happen. >>> >>> regards, >>> Preet, in Auckland NZ >>> >>> >>> >>> On Wed, 18 Dec 2019 at 16:57, <eddie.deb...@gmail.com> wrote: >>> >>>> Hi Preet, >>>> >>>> >>>> >>>> I don’t know of any libraries that handle this, but I do have a >>>> question for you. >>>> >>>> >>>> >>>> Why are you validating credit card info? >>>> >>>> >>>> >>>> I ask this because if you are validating card info then you are >>>> handling/processing card info. Any business handling credit card >>>> information should have PCI-DSS compliance. >>>> >>>> >>>> >>>> Personally, I find it is much easier to use external providers (eway, >>>> paypal et al) to handle the whole payment process, meaning your code never >>>> needs to touch a credit card number and you never have to worry about >>>> compliance, *security etc. >>>> >>>> >>>> >>>> Just a another random thought, YMMV. >>>> >>>> >>>> >>>> *Security of the card information >>>> >>>> >>>> >>>> Ed. >>>> >>>> >>>> >>>> *From:* ozdotnet-boun...@ozdotnet.com <ozdotnet-boun...@ozdotnet.com> *On >>>> Behalf Of *Preet Sangha >>>> *Sent:* Wednesday, 18 December 2019 2:41 PM >>>> *To:* ozDotNet <ozdotnet@ozdotnet.com> >>>> *Subject:* >>>> >>>> >>>> >>>> Would anyone know of any credit card validation/detection or similar >>>> libraries that we may be able incorporate into our .net framework code >>>> (preferably in nuget form) in order to eliminate our own hand coded regexs >>>> please? >>>> >>>> >>>> >>>> Regards Preet >>>> >>>> >>>> >>> > > -- > Alan Ingleby >