[ Re: IIS log]

[Jean-Jacques Halans <jj () halans be>]

Are cc numbers submitted through a GET maybe?
CC numbers should always be posted with a POST, and over HTTPS of course.
HTTPS/SSL is useless with a GET.

JJ

Justin H Tran wrote:

> I just viewed an IIS log and I noticed that the credit card # is loogged.
> I beleive that this is a major flaw to log credit card # is clear text.
> Does anyone have any advice?
>
>
> Regards,
> Justin
>
>
>
>
>