WebApp Sec mailing list archives
[ Re: IIS log]
From: Jean-Jacques Halans <jj () halans be>
Date: Tue, 05 Aug 2003 22:22:48 +0200
Are cc numbers submitted through a GET maybe? CC numbers should always be posted with a POST, and over HTTPS of course. HTTPS/SSL is useless with a GET. JJ Justin H Tran wrote:
I just viewed an IIS log and I noticed that the credit card # is loogged. I beleive that this is a major flaw to log credit card # is clear text. Does anyone have any advice? Regards, Justin
Current thread:
- [ Re: IIS log] Jean-Jacques Halans (Aug 05)