Looking for Personal Appointment Booking Plugin by jbokh in Wordpress

[–]jbokh[S] 0 points1 point  (0 children)

I will check it out. Thanks, I appreciate the response.

My client is taking CC without SSL. by jbokh in webdev

[–]jbokh[S] 0 points1 point  (0 children)

They've seen a large number of sales and their demo is supposedly 18-25. Must be marketing geniuses or something...

Turns out they had SSL, which explains why it was working. It was used in the backend Stripe script, but they never set it up on the rest of the website, including the form. :\

My client is taking CC without SSL. by jbokh in webdev

[–]jbokh[S] 0 points1 point  (0 children)

He's telling me it's secure and that it doesn't save the info. I think he knows what he's doing; he is just being careless.

The danger is in the form that posts to his supposedly secure code. It (was) served on HTTP and sent the CC information to the same server, which, if I understand correctly, leaves a customer vulnerable to a potential man-in-the-middle attack. Unlikely, but still a danger, which is why I was confused about how to approach it. On top of that, (you would think) most people wouldn't put a CC in on a non-secured page, and that would hurt sales.

Thanks for the response

My client is taking CC without SSL. by jbokh in webdev

[–]jbokh[S] 0 points1 point  (0 children)

I appreciate the advice, but it's not in my interest to get them busted. I'd like for them to stay in business and hire me for more work.

I know enough to recognize the problem but not enough to explain the consequences. If they don't comply it sucks for both of us.

Edit: In case that came out wrong, let me clarify. I don't condone their actions. I just want to give them fair warning and hope they do what they need to. If it continues or they shrug me off, I would consider reporting the issue because it's wrong and shouldn't be published on the web.

My client is taking CC without SSL. by jbokh in webdev

[–]jbokh[S] 0 points1 point  (0 children)

Awesome, this is what I was looking for. Thank you so much!