
Hidden form fields problem. How can I make it more secure.

Guest
Jan 28, 2013

The payment page on our website is passing credit card information into a confirmation page as form variables.  The credit card company requires us to pass all of these form variables to their site for validation.

We pass these form variables using hidden fields such as this: <cfinput type="hidden" name="CCNo" value="#Form.CCNo#">

The problem is, when I did view source from my browser, I could see all of the credit card information. I'm sure this needs to be changed immediately but I can't think of a way to make this transaction more secure.

It seems that the credit card company wanted us to pass all of this information as form variables.  Are there ways to make passing form variables secure, where users can't see the values from view source?

Please help

LEGEND
Jan 28, 2013

Don't cache the page.

Guest
Jan 29, 2013

Do you mind elaborating a bit more?

LEGEND
Jan 29, 2013

I don't think seeing the information from "View Source" is an issue - the only information a user would be able to view is their own.

Now, transmitting to the company - THAT needs to be secure.  As long as the data is being POSTED (not GET) from a form via SSL (httpS), it should be secure.

Unless, like Dan, I'm not understanding the question as you have put it.

^_^

Guest
Jan 29, 2013

I agree! I was thinking the same thing but not sure until someone said it. It's been moved to https and I also added Dan's suggestion. From the net I found the following and I think I'm done. Thank you everyone!

 

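<!--- Expires must be an HTTP-date, so format now() with GetHTTPTimeString() --->
<cfheader name="expires" value="#GetHTTPTimeString(now())#">
<cfheader name="pragma" value="no-cache">
<cfheader name="cache-control" value="no-cache, no-store, must-revalidate">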
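
A check for the two fixes this thread settles on (POST to an HTTPS URL, and no-store caching headers) on a rendered page whose hidden fields carry a card number. This is an added example, not code from any poster; the function names, the processor.example URL and the sample HTML are constructed for illustration, and it assumes the form posts to the processor's site with an absolute URL.

```python
from html.parser import HTMLParser

class FormAudit(HTMLParser):
    """Collect each form's method, action and hidden inputs from rendered HTML."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"method": (a.get("method") or "get").lower(),
                               "action": a.get("action") or "", "hidden": []})
        elif tag == "input" and (a.get("type") or "").lower() == "hidden" and self.forms:
            self.forms[-1]["hidden"].append((a.get("name") or "", a.get("value") or ""))

def luhn_ok(value):
    """True for 13-19 digits (spaces/dashes allowed) that pass the Luhn checksum."""
    digits = [int(c) for c in value if c.isdigit()]
    if not 13 <= len(digits) <= 19 or any(c not in "0123456789 -" for c in value):
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def audit(headers, html):
    """Return (card_fields, problems) for one rendered page and its response headers."""
    parser = FormAudit()
    parser.feed(html)
    card_fields, problems = [], []
    for form in parser.forms:
        names = [n for n, v in form["hidden"] if luhn_ok(v)]
        if not names:
            continue
        card_fields += names
        if form["method"] != "post":
            problems.append("form is not submitted by POST")
        if not form["action"].lower().startswith("https://"):
            problems.append("form action is not an absolute https:// URL")
    cc = {k.lower(): v.lower() for k, v in headers.items()}.get("cache-control", "")
    if card_fields and "no-store" not in {d.strip() for d in cc.split(",")}:
        problems.append("response lacks Cache-Control: no-store")
    return card_fields, problems

# Constructed sample; 4111111111111111 is a widely used test number, not a real card.
WEAK_HTML = ('<form method="get" action="http://processor.example/validate">'
             '<input type="hidden" name="CCNo" value="4111111111111111"></form>')
FIXED_HTML = WEAK_HTML.replace('"get"', '"post"').replace("http://", "https://")
FIXED_HEADERS = {"Cache-Control": "no-cache, no-store, must-revalidate"}
```
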
