Re: Permissions Ignored - PLEASE HELP
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 47056
interpreted = N
texte = I have a client that is selling goods, doesn't want to go to the expense oflive transactions right now, so he wants to receive the order informationand charge the buyer's credit card manually. Right now, once the cart ispurchased, an email is sent to the client that includes a link to a templatethat shows the order information, including the credit card number.In the template, I use [orderfile] and I have added the [protect] tag. Thetemplate is also covered by the client's SSL certificate. The [protect]obviously requires that he enter is username and password to view the data.I want to provide the best of security, but I'm new to this realm of theweb... so honestly, I don't know all bases to cover. Is this adequateprotection? Is there anything else I should do? I don't quite understandwhat you mean by setting up the web identity based on the IP address. Myclient doesn't have a static IP, and even so, would like to access the orderinformation from various locations, due to his extensive traveling.-----Original Message-----From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On BehalfOf John PeacockSent: Wednesday, January 22, 2003 10:38 AMTo: WebCatalog TalkSubject: Re: Permissions Ignored - PLEASE HELPKimberly D. Walls wrote:> More specifically, do you recommend I use [protect] for everything?Credit> card numbers as well?>[Protect] has nothing directly to do with credit card numbers; it isstrictlythere to require authentication to access a given template, regardless ofwhatis contained within that template.FYI, what we currently do is e-mail customer service a link to a templatethatis not accessible on the public network (i.e. a web identity which onlyexistsfor IP addresses inside our network). Additionally, only users with apasswordin the users.db can even open up that page (so the link by itself isharmlesseven internally).John--John PeacockDirector of Information Research and TechnologyRowman & Littlefield Publishing Group4720 Boston WayLanham, MD 20706301-459-3366 x.5010fax 301-429-5747-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail toWeb Archive of this list is at: http://webdna.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
I have a client that is selling goods, doesn't want to go to the expense oflive transactions right now, so he wants to receive the order informationand charge the buyer's credit card manually. Right now, once the cart ispurchased, an email is sent to the client that includes a link to a templatethat shows the order information, including the credit card number.In the template, I use [orderfile] and I have added the [protect] tag. Thetemplate is also covered by the client's SSL certificate. The [protect]obviously requires that he enter is username and password to view the data.I want to provide the best of security, but I'm new to this realm of theweb... so honestly, I don't know all bases to cover. Is this adequateprotection? Is there anything else I should do? I don't quite understandwhat you mean by setting up the web identity based on the IP address. Myclient doesn't have a static IP, and even so, would like to access the orderinformation from various locations, due to his extensive traveling.-----Original Message-----From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On BehalfOf John PeacockSent: Wednesday, January 22, 2003 10:38 AMTo: WebCatalog TalkSubject: Re: Permissions Ignored - PLEASE HELPKimberly D. Walls wrote:> More specifically, do you recommend I use [protect] for everything?Credit> card numbers as well?>[protect] has nothing directly to do with credit card numbers; it isstrictlythere to require authentication to access a given template, regardless ofwhatis contained within that template.FYI, what we currently do is e-mail customer service a link to a templatethatis not accessible on the public network (i.e. a web identity which onlyexistsfor IP addresses inside our network). Additionally, only users with apasswordin the users.db can even open up that page (so the link by itself isharmlesseven internally).John--John PeacockDirector of Information Research and TechnologyRowman & Littlefield Publishing Group4720 Boston WayLanham, MD 20706301-459-3366 x.5010fax 301-429-5747-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail toWeb Archive of this list is at: http://webdna.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Kimberly D. Walls
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Running _every_ page through WebCat ? (1997)
Major bug report on rootbeer (1997)
Weird problems with [SHOWIF]s (1997)
Change in Host? (1999)
[OT] Read and weep (2003)
F3 crashing server (1997)
Emailer (WebCat2) (1997)
Signup form db weirdness (2006)
WebCat and image maps (1997)
Price + Texte (1999)
Re2: frames & carts (1997)
Shopping Cart Page (1997)
WebCatalog for Dummies part 2 (2000)
WebMerchant? (1998)
Menu to select product variations (1997)
[BULK] [WebDNA] An actual attempt to get WebDNA and MAMP Pro to work - assistance needed (2018)
FTP and [shell] (2003)
Database Erroe (2000)
PIXO support (1997)
Writefile outside WebSTAR hierarchy? (1997)