|
|
But I've observed one technique that has been nearly universal: the practice of refusing to allow spaces or dashes in credit card number entry fields."
"Credit card numbers are always printed and read aloud in groups of (usually) four digits, and when verifying a number after entry (which involves looking back and forth between the card and the web form) one uses the spacing to resynchronize.
If there were some security or integrity reason for disallowing these characters, I guess I'd buy it, but I've not found a single good reason for it. The consensus among those that I've spoken to is that it's nothing but lazy, sloppy programming. I completely agree.
It turns out that sometimes one can clean up the spaces and dashes in the same amount of code as the instruction not to (this example in perl):
$ccnum =~ s/[-s]//g;
(No spaces or dashes)
Credit card validation should never be done exclusively on the client side, and since the server does it anyway, I just can't find any good reason for this sloppy practice. Those who believe otherwise are very much encouraged to contact me with the reasoning. "
Read Steve's full article at Unixwiz.
|
|
|
 |
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 0
Votes: 0
|
|
|
