How to disable view source in JSP

Discussion:

(too old to reply)

v***@yahoo.com

2007-01-27 20:09:21 UTC

We are on WC BE 5.6.1. During check out process for our store, shopper has to give credit card information and the credit card parameters are passed to the other views in the flow. When the shopper view the source on the JSPs, currently the credit card information is clearly seen unencrypted. I would like to disable view source in JSP inorder to avoid any hackers getting hold of our customer's credit card info.

Any suggestions?

Nicolai Dufva Nielsen

2007-01-28 12:12:18 UTC

Permalink

You can't prevent users from viewing the source of the HTML that you
send to the browser. Hidden fields are only obscured from immediate view...

You need to rethink your flow, or the way that you retrieve the payment
information later on the process. From what I gather, you ask the user
to submit credit card information before you actually use it. You can
either change that flow and ask for the information immediately before
you use it, or keep it (encrypted) on the server until you need it in a
later step...

/Nicolai

Post by v***@yahoo.com
We are on WC BE 5.6.1. During check out process for our store, shopper has to give credit card information and the credit card parameters are passed to the other views in the flow. When the shopper view the source on the JSPs, currently the credit card information is clearly seen unencrypted. I would like to disable view source in JSP inorder to avoid any hackers getting hold of our customer's credit card info.
Any suggestions?

Robert Brown

2007-02-18 07:38:52 UTC

Permalink

I agree with Nicolai, you should not ask for credit card data on store
pages before checking out. Is what you describe part of the starter
store code? This sounds like custom page flow and whoever built it
doesn't know how to secure private shopper information.

R