VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Credit card fraud and hackers
 Deleting CC Number v-6.08
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

ironhawker
VP-ASP Super User

USA
260 Posts

Posted - April 06 2006 :  16:27:51  Show Profile  Visit ironhawker's Homepage  Reply with Quote
The Security Checklist at http://www.vpasp.com/helpnotes/shopexd.asp?id=811 suggests changing the shopa_displayorders.asp line 341 (it's 454 on 6.08) but it is already changed.. sorta
was:
sql= "update orders set oprocessed = 1, ocardno = 0000 where orderid =" & item
Could be:
'Response.write "item=" & item'sql= "update orders set oprocessed = 1 where orderid =" & item
sql= "update orders set oprocessed = 1, ocardno=0000 where orderid =" & item

The question is do the spaces after ocardno=0000 matter in the version that's already there?

~-~-~-~-~-~-~-~-~-~
Randy "RC" Corn
[email protected]

support
Administrator

4266 Posts

Posted - April 06 2006 :  21:04:44  Show Profile  Visit support's Homepage  Reply with Quote
Hi Randy,

No, the spaces won't make a difference.

Regards,
Claire
VP-ASP Support
Go to Top of Page

dandlyin
VP-ASP New User

USA
73 Posts

Posted - April 06 2006 :  21:33:07  Show Profile  Visit dandlyin's Homepage  Reply with Quote
I have seen no discussion regarding storing the CVN security code. The credit card companies explicitly state that no one is to store them electronically. I have chaged the script to remove the CVN when the order is processed, which is currently saved by VPASP. I plan to change it to only send it to me in the order email and not store it at all.
This should be corrected.
Dan Dotson
Go to Top of Page

support
Administrator

4266 Posts

Posted - April 07 2006 :  00:20:19  Show Profile  Visit support's Homepage  Reply with Quote
Hi DandyLin,

The CVN is stored for those who are taking credit card orders manually. If using a Gateway then the CVN will not be stored. You should delete the CVN once the order has been processed.

If you are NOT using a gateway then you can change the process code in the shopa_displayorders.asp page so te VN is auto deleted as well as the card number.

Back up shopa_displayorders.asp before proceeding.

Open shopa_displayorders.asp and locate:

sql= "update orders set oprocessed = 1, ocardno = 0000 where orderid =" & item

Change to:

'sql= "update orders set oprocessed = 1, ocardno = 0000 where orderid =" & item
sql= "update orders set oprocessed = 1, ocardno = NULL, oauthorisation = NULL where orderid =" & item

This will cause the CVN to be removed when you process the roder in the admin.

Do not do this if you use a gateway as this is where the authorisation code is stored.

Thank you
Cam

VP-ASP Support
Go to Top of Page

ironhawker
VP-ASP Super User

USA
260 Posts

Posted - April 07 2006 :  02:39:11  Show Profile  Visit ironhawker's Homepage  Reply with Quote
Can somebody from VP-Asp comment on the
ocardno = NULL,
Statement? Please please please

~-~-~-~-~-~-~-~-~-~
Randy "RC" Corn
[email protected]
Go to Top of Page

support
Administrator

4266 Posts

Posted - April 07 2006 :  09:31:22  Show Profile  Visit support's Homepage  Reply with Quote
Hi Randy,

Not sure what you are asking here but assume you are interested in the difference between the 2 lines?

You can use either null to clear the field or you can replace the numbers. Both methods have the same effect.

Thanks!
Cam

VPASP Support
Go to Top of Page

dandlyin
VP-ASP New User

USA
73 Posts

Posted - April 08 2006 :  08:35:36  Show Profile  Visit dandlyin's Homepage  Reply with Quote
sql= "update orders set oprocessed = 1, ocardno = NULL, oauthorisation = NULL where orderid =" & item

won't work because the 3rd field you want is actually oauthorization
Make it:
sql= "update orders set oprocessed = 1, ocardno = NULL, oauthorization = NULL where orderid =" & item

Dan Dotson
Go to Top of Page

support
Administrator

4266 Posts

Posted - April 08 2006 :  08:40:25  Show Profile  Visit support's Homepage  Reply with Quote
Hi Dan,

My bad. Thanks for picking up the typo.

I had an "s" whereas it should have been a "z" in oauthorization.

Thanks,
Cam

VP-ASP Support
Go to Top of Page

dandlyin
VP-ASP New User

USA
73 Posts

Posted - April 08 2006 :  15:50:08  Show Profile  Visit dandlyin's Homepage  Reply with Quote
A problem unique to your interpretation of the language, I assume
Being lazy, I had just copied and pasted the erroneous line into my file- Jet knew it was wrong but I had to find it!
Thanks,
Dan
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000