Re: Credit Cards
****** message to minivend-users from mikeh@minivend.com ******
Quoting Barry Treahy (treahy@mmaz.com):
>
> Question... Most sites, when the credit card is encrypted and saved,
> save a modified portion of the card information so that the customer
> has an idea of what is on file. For example, if the card is
> 4111-1111-1111-1111, the system would encrypt and save that number,
> but it would also save 4111-XXXX-XXXX-1111 so that the customer would
> have some idea of the card on file...
>
> Does MV do this and if not, how could I go about this because the card
> number is erased once encrypted into _info and I haven't figured out how
> to do this...
MiniVend doesn't make it easy for you to do this, as it doesn't let
the CC number pass to the session. But you can intercept the cgi value:

    [value name=credit_card_id set="[calc]
        # use my() so it doesn't persist
        # to the next calc tag
        my $ccno = q{[cgi mv_credit_card_number]};
        $ccno =~ s/\D+//g;
        # If it fails we don't want the numbers
        # floating around in the session, so we
        # return blank
        $ccno =~ s/(\d{4})\d{4}\d{4}(\d+)/$1-XXXX-XXXX-$2/g
            or return '';
        return $ccno;
    [/calc]"]

I don't put this kind of stuff in the pages because it makes for all
sorts of misuse; one syntax error and it will show up in the log files. 8-\
Keeping credit card numbers in the clear is bad boogie. I recommend instead
putting in a line where they can enter the bank name; that is a better ID
that is secure. Or perhaps it is an argument for adding it as a feature so
inexperienced Perl programmers don't create security problems....8-)
--
Mike Heins http://www.minivend.com/ ___
Internet Robotics |_ _|____
Fast, reliable, cheap. 131 Willow Lane, Floor 2 | || _ \
Pick two and we'll talk. Oxford, OH 45056 | || |_) |
-- unknown <mikeh@minivend.com> |___| _ <
513.523.7621 FAX 7501 |_| \_\
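
The masking step discussed in the message above, as an added stand-alone Perl example that is not part of the original post or of MiniVend: it keeps only the first 4 and last 4 digits for any card length and returns blank on anything that fails validation, so nothing but the mask is ever stored. The names mask_pan and luhn_ok are hypothetical, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not a MiniVend function): return a display-safe
# mask such as 4111-XXXX-XXXX-1111, or '' if the input is not a
# plausible card number. It never dies or warns with the input, so the
# number cannot end up in an error log.
sub mask_pan {
    my ($raw) = @_;
    return '' unless defined $raw;

    (my $digits = $raw) =~ s/\D+//g;        # drop spaces, dashes, etc.
    my $len = length $digits;
    return '' if $len < 13 || $len > 19;    # outside card-number lengths
    return '' unless luhn_ok($digits);      # reject typos and junk

    # Keep the first 4 and last 4 digits only, whatever the length.
    my $masked = substr($digits, 0, 4) . ('X' x ($len - 8)) . substr($digits, -4);

    # Group in fours for display.
    return join '-', $masked =~ /(.{1,4})/g;
}

# Luhn checksum: double every second digit, counting from the right.
sub luhn_ok {
    my ($digits) = @_;
    my ($sum, $double) = (0, 0);
    for my $ch (reverse split //, $digits) {
        my $d = $double ? $ch * 2 : $ch;
        $d -= 9 if $d > 9;
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 == 0;
}

# Constructed sample inputs: a 16-digit and a 15-digit test number,
# a number with a bad check digit, and non-numeric junk.
for my $in ('4111-1111-1111-1111', '3782 822463 10005',
            '4111-1111-1111-1112', 'abc') {
    printf "%-22s => '%s'\n", $in, mask_pan($in);
}
```
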