[FX.php List] Secure Credit Card forms/procedures
Jonathan Schwartz
jschwartz at exit445.com
Wed Sep 15 11:55:54 MDT 2010
Hi Folks,
In the never-ending list of subjects not covered in FMP Web
Publishing 101, ;-), I am being tossed to and fro by client requests
to "fix" security issues on forms such as password change and credit
card entry/edit, often after one of their clients complains...and
"fix" them back when another client complains in the other direction.
Sample issues:

Passwords:
- Require original password to change to new password, or not?
- Display password on screen during entry or use bullets?

Credit Cards:
- Display CC# during entry or use bullets, or one of those bullets+last digit entered routines.
- Which fields to re-display for editing, versus forcing re-entry

These can be argued either way in a security versus ease of use discussion.
What resources do you use for design standards and to be able to
demonstrate that the design *is* secure?
Ultimately, I would like to adopt the right level of security...and
then be able to back it up if/when challenged.
Thanks
Jonathan
--
Jonathan Schwartz
Exit 445 Group
jonathan at exit445.com
http://www.exit445.com
415-370-5011