[plug] Is this secure
Sacha Schlegel
sacha at schlegel.li
Fri Dec 14 11:22:11 WST 2001
Hi Skribe
On Fri, Dec 14, 2001 at 10:09:33AM +0800, skribe wrote:
> Could someone who is more proficient at javascript and web security please
> have a look at this and tell me if the form is susceptile to sniffing. These
> guys are friends of mine and up until a couple of weeks ago they were passing
> credit card numbers via plain text. I hassled them a few times and
> eventually they convinced the web company that created their page (they're
> not web code literate) to change it. This page is the result:
>
> http://www.infusioncoffee.com/html/orders.htm
As mentioned before SSL should be used. Further I saw once a web site where an additional administration page existed. The guys accessed the administration page with a simple username password protection (html form based ?). Once on the administration site, they could check all customers including credit card numbers with expiration date etc all non-secure (non SSL)! in plain text.
Sacha
>
> skribe
> --
> Public key information available at:
> http://www.amber.com.au/~skribe/publickey.html
> Key fingerprint = A855 9CA3 953B 5195 C518 12F2 0E05 DCCD 5A88 E8A4
>
> Kennedy's Market Theorem:
> Given enough inside information and unlimited credit,
> you've got to go broke.
>
>
--
------------------------------------------------
Sacha Schlegel
1/67 Upton Str, 6102 St. James, Perth, Australia
sacha at schlegel.li www.schlegel.li
public key: www.schlegel.li/sacha.gpg
------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20011214/9cd42ada/attachment.pgp>
More information about the plug
mailing list