+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Credit Card Data within Form Validation (/showthread.php?tid=59086)
Credit Card Data within Form Validation - El Forum - 08-22-2013
[eluser]brightdevice[/eluser]
What kind of security issues are there when using credit cards within Codeigniter's form validation? I'm thinking in terms of re-populating input fields with the submitted credit card data, when there have been errors detected within the form.
I'm aware that when the form is submitted successfully that data can be encrypted and saved to a session database, but I'm not sure how this works with the form validation? Is it generally unsafe to be passing the CC information through that process?
Thanks!
Credit Card Data within Form Validation - El Forum - 08-22-2013
[eluser]kamikaz[/eluser]
Don't re-populate your form with such kind of data. The user is aware if he fail he must re-enter all the information. When I'm connecting to my online bank account, there is a "long" procedure and if I fail then... I cry a lot and I do it again
But first of all, use a SSL certificate for your website (https).
Credit Card Data within Form Validation - El Forum - 08-22-2013
[eluser]brightdevice[/eluser]
To be more specific when using:
Code:
set_value('cc_number');in the view
and
Code:
$this->form_validation->set_rules('cc_number', 'example', 'required');in the controller
How is the cc_number being processed and then re-populated when there is an error detected within the form validation process?
Credit Card Data within Form Validation - El Forum - 08-22-2013
[eluser]brightdevice[/eluser]
Thanks for the response. Yes, SSL (https) is definitely in use. And as stated, when the form is successfully submitted (makes it past all of the form validation) the CC info is encrypted and saved temporarily in a database table.
I'm just not clear how that POST data in the form is saved and re-populated during a failed form validation? Is it accessible somewhere, in a cookie or session variable?