Re: Permissions Ignored - PLEASE HELP

This WebDNA talk-list message is from 2003.
Message number: 47056

I have a client that is selling goods, doesn't want to go to the expense of live transactions right now, so he wants to receive the order information and charge the buyer's credit card manually. Right now, once the cart is purchased, an email is sent to the client that includes a link to a template that shows the order information, including the credit card number.

In the template, I use [orderfile] and I have added the [protect] tag. The template is also covered by the client's SSL certificate. The [protect] obviously requires that he enter his username and password to view the data.

I want to provide the best of security, but I'm new to this realm of the web... so honestly, I don't know all bases to cover. Is this adequate protection? Is there anything else I should do?

I don't quite understand what you mean by setting up the web identity based on the IP address. My client doesn't have a static IP, and even so, would like to access the order information from various locations, due to his extensive traveling.

-----Original Message-----
From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com] On Behalf Of John Peacock
Sent: Wednesday, January 22, 2003 10:38 AM
To: WebCatalog Talk
Subject: Re: Permissions Ignored - PLEASE HELP

Kimberly D. Walls wrote:
> More specifically, do you recommend I use [protect] for everything? Credit
> card numbers as well?
>

[Protect] has nothing directly to do with credit card numbers; it is strictly there to require authentication to access a given template, regardless of what is contained within that template.

FYI, what we currently do is e-mail customer service a link to a template that is not accessible on the public network (i.e. a web identity which only exists for IP addresses inside our network). Additionally, only users with a password in the users.db can even open up that page (so the link by itself is harmless even internally).

John

--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4720 Boston Way
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Permissions Ignored - PLEASE HELP (Alain Russell 2003)
  2. Re: Permissions Ignored - PLEASE HELP (Stuart Tremain 2003)
  3. Re: Permissions Ignored - PLEASE HELP (Gary Krockover 2003)
  4. Re: Permissions Ignored - PLEASE HELP (Alain Russell 2003)
  5. Re: Permissions Ignored - PLEASE HELP (Andrew Simpson 2003)
  6. Re: Permissions Ignored - PLEASE HELP (Alex McCombie 2003)
  7. Re: Permissions Ignored - PLEASE HELP (Andrew Simpson 2003)
  8. Re: Permissions Ignored - PLEASE HELP (Kenneth Grome 2003)
  9. Re: Permissions Ignored - PLEASE HELP (Bob Minor 2003)
  10. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  11. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  12. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  13. Re: Permissions Ignored - PLEASE HELP (WJ Starck 2003)
  14. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  15. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  16. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  17. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  18. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  19. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  20. Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
Kimberly D. Walls
