Re: Permissions Ignored - PLEASE HELP
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 47056
interpreted = N
texte = I have a client that is selling goods, doesn't want to go to the expense oflive transactions right now, so he wants to receive the order informationand charge the buyer's credit card manually. Right now, once the cart ispurchased, an email is sent to the client that includes a link to a templatethat shows the order information, including the credit card number.In the template, I use [orderfile] and I have added the [protect] tag. Thetemplate is also covered by the client's SSL certificate. The [protect]obviously requires that he enter is username and password to view the data.I want to provide the best of security, but I'm new to this realm of theweb... so honestly, I don't know all bases to cover. Is this adequateprotection? Is there anything else I should do? I don't quite understandwhat you mean by setting up the web identity based on the IP address. Myclient doesn't have a static IP, and even so, would like to access the orderinformation from various locations, due to his extensive traveling.-----Original Message-----From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On BehalfOf John PeacockSent: Wednesday, January 22, 2003 10:38 AMTo: WebCatalog TalkSubject: Re: Permissions Ignored - PLEASE HELPKimberly D. Walls wrote:> More specifically, do you recommend I use [protect] for everything?Credit> card numbers as well?>[Protect] has nothing directly to do with credit card numbers; it isstrictlythere to require authentication to access a given template, regardless ofwhatis contained within that template.FYI, what we currently do is e-mail customer service a link to a templatethatis not accessible on the public network (i.e. a web identity which onlyexistsfor IP addresses inside our network). Additionally, only users with apasswordin the users.db can even open up that page (so the link by itself isharmlesseven internally).John--John PeacockDirector of Information Research and TechnologyRowman & Littlefield Publishing Group4720 Boston WayLanham, MD 20706301-459-3366 x.5010fax 301-429-5747-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail toWeb Archive of this list is at: http://webdna.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
I have a client that is selling goods, doesn't want to go to the expense oflive transactions right now, so he wants to receive the order informationand charge the buyer's credit card manually. Right now, once the cart ispurchased, an email is sent to the client that includes a link to a templatethat shows the order information, including the credit card number.In the template, I use [orderfile] and I have added the [protect] tag. Thetemplate is also covered by the client's SSL certificate. The [protect]obviously requires that he enter is username and password to view the data.I want to provide the best of security, but I'm new to this realm of theweb... so honestly, I don't know all bases to cover. Is this adequateprotection? Is there anything else I should do? I don't quite understandwhat you mean by setting up the web identity based on the IP address. Myclient doesn't have a static IP, and even so, would like to access the orderinformation from various locations, due to his extensive traveling.-----Original Message-----From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On BehalfOf John PeacockSent: Wednesday, January 22, 2003 10:38 AMTo: WebCatalog TalkSubject: Re: Permissions Ignored - PLEASE HELPKimberly D. Walls wrote:> More specifically, do you recommend I use [protect] for everything?Credit> card numbers as well?>[protect] has nothing directly to do with credit card numbers; it isstrictlythere to require authentication to access a given template, regardless ofwhatis contained within that template.FYI, what we currently do is e-mail customer service a link to a templatethatis not accessible on the public network (i.e. a web identity which onlyexistsfor IP addresses inside our network). Additionally, only users with apasswordin the users.db can even open up that page (so the link by itself isharmlesseven internally).John--John PeacockDirector of Information Research and TechnologyRowman & Littlefield Publishing Group4720 Boston WayLanham, MD 20706301-459-3366 x.5010fax 301-429-5747-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail toWeb Archive of this list is at: http://webdna.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Kimberly D. Walls
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
New to WebCat, Help. (1998)
Associative lookup style? + bit more (1997)
unable to launch acgi in WebCat (1997)
WC2b12: Yes, Formulas.db is for real (1997)
Copyright ? (1997)
Include vs. lookup? (1998)
WebDNA 6 (2004)
SiteGuard Admin Feature ? (1997)
value in forms (2000)
[urgent] Phone number at SM (2006)
access denied problem (1997)
PCS Frames-Default page is solution! (1997)
WebCat2b13MacPlugIn - [shownext method=post] ??? (1997)
One tough Cookie (1998)
Follow-Up to: Removing [showif] makes a big difference in speed (1997)
Search/sort in URL Was: GuestBook example (1997)
MacWEEK article help needed (1996)
404 error page issue (2006)
Secure server question (1997)
WordBreak Qestion (1998)