Copy link to clipboard
Copied
The payment page on our website is passing credit card information into a conformation page as form variables. The credit card company requires us to pass all of these form variable to their site for validation.
we pass these form variable using hidden field such as this : <cfinput type="hidden" name="CCNo" value="#Form.CCNo#">
The problem is, when I did view source from my browser, I could see all of the credit card information. I'm sure this need to be changed immediately but
I can't think of a way to make this transaction more secure.
I seems that he credit card company wanted us to pass all of these information as form variables. Is there ways to make passing form variable secure, where users can't see the values from view source??
Please help
Copy link to clipboard
Copied
Don't cache the page.
Copy link to clipboard
Copied
Do you mind elaborate a bit more?
Copy link to clipboard
Copied
I don't think seeing the information from "View Source" is an issue - the only information a user would be able to view is their own.
Now, transmitting to the company - THAT needs to be secure. As long as the data is being POSTED (not GET) from a form via SSL (httpS), it should be secure.
Unless, like Dan, I'm not understanding the question as you have put it.
^_^
Copy link to clipboard
Copied
I agree! I was thinking the same thing but not sure until someone said it. It's been moved to https and I also added Dan' suggestion. From the net I found the following and I think I'm done. Thank you everyone!
<cfheader name="expires" value="#now()#">
<cfheader name="pragma" value="no-cache">
<cfheader name="cache-control" value="no-cache, no-store, must-revalidate">