StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
1750259
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2009-11-17T16:58:28.953
FavoriteCount
0
LastActivityDate
2009-11-17T18:49:35.577
LastEditDate
2009-11-17T18:49:35.577
LastEditorUserId
12930
OwnerUserId
12930
ParentId
1750214
PostTypeId
2
Score
22
ViewCount
0
LastEditorDisplayName
text
Body
<h1>No. Do not use javascript to secure credit card payments.</h1> If you did, it would be trivial for someone to copy all your source code, and then poison the DNS cache or even setup phishing sites and send your users' payments into their bank account. Here's a scenario. <ol> <li>You complete your website, example.com, and put everything online. Site launches, yay. You've used javascript to secure your credit card payments system.</li> <li>Someone named Nefarious Hacker notices that you're not using a tried-and true method of securing vital personal information, so he downloads all of your HTML, JS, and CSS.</li> <li>N. Hacker strips out all the js based encryption, leaving only the form. He then hosts it at evil-example.com. It looks exactly like your site, and behaves exactly like your site. Except that it submits unencrypted credit card data to N Hacker's database.</li> <li>N. Hacker sends out some phishing emails that point users to evil-example.com. A few users, believing the evil site to be valid, submit payments. Their credit card is now stolen.</li> <li>N Hacker is able to successfully poison a DNS cache, so some users going to example.com instead are served up evil-example.com. They have no reason to believe the site is fake (the url is what they expect), so they submit payments. Their cards are now stolen.</li> </ol> If you had an SSL cert, the users would know IMMEDIATELY that the evil-example.com was not trusted, or that evil-example.com pretending to be example.com was fake. (I'll make it big so it's obvious) <h1>Bottom line - javascript is not secure enough to do CC payments.</h1>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POCan I use JS encryption instead of SSL for credit card payments?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USdavethegr8
UserOwnerUserId
1. USdavethegr8
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COSSL wouldn't exactly solve the phishing problem. If someone is gullible enough to believe a fake email, then they will likely not notice the absence of the "lock" icon.
 singulars
 PostPostId
 PO
 UserUserId
 USStephen Smith

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.