Author |
Topic |
|
ironhawker
VP-CART Super User
USA
260 Posts |
Posted - April 06 2006 : 16:27:51
|
The Security Checklist at http://www.vpasp.com/helpnotes/shopexd.asp?id=811 suggests changing the shopa_displayorders.asp line 341 (it's 454 on 6.08) but it is already changed.. sorta
was:
sql= "update orders set oprocessed = 1, ocardno = 0000 where orderid =" & item
Could be:
'Response.write "item=" & item
'sql= "update orders set oprocessed = 1 where orderid =" & item
sql= "update orders set oprocessed = 1, ocardno=0000 where orderid =" & item
The question is do the spaces after ocardno=0000 matter in the version that's already there?
~-~-~-~-~-~-~-~-~-~ Randy "RC" Corn [email protected] |
|
support
Administrator
4679 Posts |
Posted - April 06 2006 : 21:04:44
|
Hi Randy,
No, the spaces won't make a difference.
Regards, Claire VP-ASP Support |
|
|
dandlyin
VP-CART New User
USA
73 Posts |
Posted - April 06 2006 : 21:33:07
|
I have seen no discussion regarding storing the CVN security code. The credit card companies explicitly state that no one is to store them electronically. I have changed the script to remove the CVN when the order is processed, which is currently saved by VPASP. I plan to change it to only send it to me in the order email and not store it at all. This should be corrected.
Dan Dotson |
|
|
support
Administrator
4679 Posts |
Posted - April 07 2006 : 00:20:19
|
Hi DandyLin,
The CVN is stored for those who are taking credit card orders manually. If using a Gateway then the CVN will not be stored. You should delete the CVN once the order has been processed.
If you are NOT using a gateway then you can change the process code in the shopa_displayorders.asp page so the CVN is auto deleted as well as the card number.
Back up shopa_displayorders.asp before proceeding.
Open shopa_displayorders.asp and locate:
sql= "update orders set oprocessed = 1, ocardno = 0000 where orderid =" & item
Change to:
'sql= "update orders set oprocessed = 1, ocardno = 0000 where orderid =" & item
sql= "update orders set oprocessed = 1, ocardno = NULL, oauthorisation = NULL where orderid =" & item
This will cause the CVN to be removed when you process the order in the admin.
Do not do this if you use a gateway as this is where the authorisation code is stored.
Thank you Cam
VP-ASP Support |
|
|
ironhawker
VP-CART Super User
USA
260 Posts |
Posted - April 07 2006 : 02:39:11
|
Can somebody from VP-Asp comment on the ocardno = NULL, Statement? Please please please
~-~-~-~-~-~-~-~-~-~ Randy "RC" Corn [email protected] |
|
|
support
Administrator
4679 Posts |
Posted - April 07 2006 : 09:31:22
|
Hi Randy,
Not sure what you are asking here but assume you are interested in the difference between the 2 lines?
You can use either null to clear the field or you can replace the numbers. Both methods have the same effect.
Thanks! Cam
VPASP Support |
|
|
dandlyin
VP-CART New User
USA
73 Posts |
Posted - April 08 2006 : 08:35:36
|
sql= "update orders set oprocessed = 1, ocardno = NULL, oauthorisation = NULL where orderid =" & item
won't work because the 3rd field you want is actually oauthorization
Make it:
sql= "update orders set oprocessed = 1, ocardno = NULL, oauthorization = NULL where orderid =" & item
Dan Dotson |
|
|
support
Administrator
4679 Posts |
Posted - April 08 2006 : 08:40:25
|
Hi Dan,
My bad. Thanks for picking up the typo.
I had an "s" whereas it should have been a "z" in oauthorization.
Thanks, Cam
VP-ASP Support |
|
|
dandlyin
VP-CART New User
USA
73 Posts |
Posted - April 08 2006 : 15:50:08
|
A problem unique to your interpretation of the language, I assume. Being lazy, I had just copied and pasted the erroneous line into my file - Jet knew it was wrong but I had to find it!
Thanks, Dan |
|
|
|
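An added example (not part of the original thread and not VP-ASP code): a Python/sqlite3 audit that lists processed orders still holding a card number or CVN, such as orders handled before the corrected line was in place, and clears them. The table and column names come from the posts above; the column types, the sample rows and the use of SQLite in place of the shop's real database are assumptions.

```python
import sqlite3

# Constructed stand-in for the shop database. Only the names orders, orderid,
# oprocessed, ocardno and oauthorization come from the thread; types are assumed.
# Per the thread, oauthorization holds the CVN only when cards are taken manually;
# with a gateway it holds the authorisation code, so do not run this cleanup there.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (orderid INTEGER PRIMARY KEY,"
               " oprocessed INTEGER, ocardno TEXT, oauthorization TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", [
        (1, 1, "4111111111111111", "123"),  # processed, never cleared (test number)
        (2, 1, "0", "789"),                 # old line: card zeroed, CVN still stored
        (3, 0, "4111111111111111", "456"),  # not processed yet, must be left alone
        (4, 1, None, None),                 # processed by the corrected line
    ])
    return db

def is_cleared(value):
    """NULL, empty and all-zero values count as cleared (covers NULL and 0000)."""
    return value is None or str(value).strip("0 ") == ""

def leftover_card_data(db):
    """Return ids of processed orders that still hold a card number or CVN."""
    rows = db.execute("SELECT orderid, ocardno, oauthorization FROM orders"
                      " WHERE oprocessed = 1 ORDER BY orderid")
    return [oid for oid, card, cvn in rows
            if not (is_cleared(card) and is_cleared(cvn))]

def clear_card_data(db, order_ids):
    """Null both fields for processed orders only; returns rows changed."""
    cur = db.executemany(
        "UPDATE orders SET ocardno = NULL, oauthorization = NULL"
        " WHERE orderid = ? AND oprocessed = 1",
        [(oid,) for oid in order_ids])  # order id is bound, not concatenated
    db.commit()
    return cur.rowcount

if __name__ == "__main__":
    db = make_db()
    stale = leftover_card_data(db)
    print("processed orders still holding card data:", stale)
    print("rows cleared:", clear_card_data(db, stale))
    print("remaining after cleanup:", leftover_card_data(db))
```
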