Credit Card Scare

3rdPlanetPhotography Banned Posts: 920 Major grins
edited May 16, 2005 in SmugMug Support
Maybe someone can confirm what I'm seeing on this end. I logged into my smugmug and ordered some photos on a computer that was not mine. When I was done I clicked "Logout" and I was returned to my normal smugmug screen and not logged in.

Then another person on that computer clicked on one of my albums to order some photos of their own from my albums. Since I'm now logged out it shouldn't know who I am any longer. They put photos in their cart, clicked to checkout and the next screen showed all of my information and also had all my credit card info. They were able to order photos and use my information. We duplicated the same problem even after we closed and re-started our browser.

This scares the hell out of me. Will someone please look into this?

kc7dji

Comments

  • DavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited May 15, 2005
    You will mostly get help based on your post, but I want to point out the sticky thread at the top of this forum, that this is not the official support page for smugmug, and that if you want help, it is best to go here or help@smugmug.com
    Moderator Emeritus
    Dgrin FAQ | Me | Workshops
  • mercphoto Registered Users Posts: 4,550 Major grins
    edited May 15, 2005
    kc7dji wrote:
    Maybe someone can confirm what I'm seeing on this end. I logged into my smugmug and ordered some photos on a computer that was not mine. When I was done I clicked "Logout" and I was returned to my normal smugmug screen and not logged in.

    Then another person on that computer clicked on one of my albums to order some photos of their own from my albums. Since I'm now logged out it shouldn't know who I am any longer. They put photos in their cart, clicked to checkout and the next screen showed all of my information and also had all my credit card info. They were able to order photos and use my information. We duplicated the same problem even after we closed and re-started our browser.

    This scares the hell out of me. Will someone please look into this?

    kc7dji

    You need to clear the browser cache. It's not a Smugmug issue.
    Bill Jurasz - Mercury Photography - Cedar Park, TX
    A former sports shooter
    Follow me at: https://www.flickr.com/photos/bjurasz/
    My Etsy store: https://www.etsy.com/shop/mercphoto?ref=hdr_shop_menu
  • 3rdPlanetPhotography Banned Posts: 920 Major grins
    edited May 16, 2005
    mercphoto wrote:
    You need to clear the browser cache. It's not a Smugmug issue.
    Then it comes to a design issue. I'm a developer myself and never should I have to clear the cache every time I place an order. In some cases like in a public library or any public machine you may not have proper permissions to clear the cache or change any settings.

    kc7dji
  • Andy Registered Users Posts: 50,016 Major grins
    edited May 16, 2005
    kc, i tried to recreate your problem and couldn't get the same result.

    sorry
  • flyingpylon Registered Users Posts: 260 Major grins
    edited May 16, 2005
    Whenever you use a computer other than your own, and think you have "logged out" of a site, you should also close the browser.
  • {JT} Registered Users Posts: 1,016 Major grins
    edited May 16, 2005
    Nope, you should not have to clear your cache. Not sure what is going on here - but when you logout, we destroy your session and all the information related to it. So when you hit any form page you should not see anything filled in. I tried to recreate this as well and can not. Can you provide more info: browser, os, version, plugins (google toolbar for instance remembers form values for you and fills them in, even AFTER you have logged out, look for yellow form fields).
    kc7dji wrote:
    Then it comes to a design issue. I'm a developer myself and never should I have to clear the cache every time I place an order. In some cases like in a public library or any public machine you may not have proper permissions to clear the cache or change any settings.

    kc7dji
  • mercphoto Registered Users Posts: 4,550 Major grins
    edited May 16, 2005
    {JT} wrote:
    Nope, you should not have to clear your cache. Not sure what is going on here - but when you logout, we destroy your session and all the information related to it.

    Did the guy, by any chance, tell his browser to remember data values filled in on a form?
  • {JT} Registered Users Posts: 1,016 Major grins
    edited May 16, 2005
    mercphoto wrote:
    Did the guy, by any chance, tell his browser to remember data values filled in on a form?

    That is what we are waiting to hear on. I mentioned third party plugins like google toolbar and their ability to do this, but I think that IE only has auto complete and will not fill things in automatically on its own.
  • onethumb Administrators Posts: 1,269 Major grins
    edited May 16, 2005
    kc7dji wrote:
    Maybe someone can confirm what I'm seeing on this end. I logged into my smugmug and ordered some photos on a computer that was not mine. When I was done I clicked "Logout" and I was returned to my normal smugmug screen and not logged in.

    Then another person on that computer clicked on one of my albums to order some photos of their own from my albums. Since I'm now logged out it shouldn't know who I am any longer. They put photos in their cart, clicked to checkout and the next screen showed all of my information and also had all my credit card info. They were able to order photos and use my information. We duplicated the same problem even after we closed and re-started our browser.

    This scares the hell out of me. Will someone please look into this?

    kc7dji


    This is a bug. Sorry! We'll have a fix out "soon".

    I should note, though, that no credit card information is stored on your browser where anyone else can get to it. Additionally, they can't get it from any of the pages in the cart. So they can't take your card and use it elsewhere.

    We still take this seriously, and already have a fix ready to test. Our carts used to self-destruct as soon as you closed your browser, but now they persist for a month, and we overlooked this issue.

    Thanks for letting us know!

    Don
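
A minimal model of the failure Don describes (a cart that outlives the session it was filled in under), added here as an illustration and not SmugMug's code. The `Shop` class, the cookie name and the account data are assumptions constructed for the example; how SmugMug actually links carts to accounts is not stated in the thread.

```python
import secrets

# Constructed account data for the example.
ACCOUNTS = {"kc7dji": {"ship_to": "1 Example St", "card_last4": "4242"}}

class Shop:
    """Server-side stores: short-lived sessions, month-long carts."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}  # session cookie -> account id, destroyed at logout
        self.carts = {}     # persistent cart cookie -> cart record

    def login(self, account_id, cart_cookie):
        sid = secrets.token_hex(16)
        self.sessions[sid] = account_id
        cart = self.carts.setdefault(cart_cookie, {"items": [], "account": None})
        cart["account"] = account_id  # cart remembers the shopper for pre-fill
        return sid

    def logout(self, sid, cart_cookie):
        self.sessions.pop(sid, None)
        if self.hardened and cart_cookie in self.carts:
            # Fix part 1: logout also detaches the account and empties the cart.
            self.carts[cart_cookie] = {"items": [], "account": None}

    def add_to_cart(self, cart_cookie, item):
        cart = self.carts.setdefault(cart_cookie, {"items": [], "account": None})
        cart["items"].append(item)

    def checkout_prefill(self, sid, cart_cookie):
        if self.hardened:
            # Fix part 2: identity comes only from a live session.
            account_id = self.sessions.get(sid)
        else:
            # Weak: identity comes from the cart, which outlives the session.
            account_id = self.carts.get(cart_cookie, {}).get("account")
        return ACCOUNTS.get(account_id)

def shared_computer(hardened):
    """Owner logs in, orders, logs out; a second person then checks out."""
    shop, cart_cookie = Shop(hardened), "cart-cookie-on-shared-pc"
    sid = shop.login("kc7dji", cart_cookie)
    logged_in_view = shop.checkout_prefill(sid, cart_cookie)
    shop.logout(sid, cart_cookie)
    shop.add_to_cart(cart_cookie, "print-8x10")
    return logged_in_view, shop.checkout_prefill(None, cart_cookie)
```

`shared_computer(False)` returns the owner's details for both the logged-in view and the second person's checkout; `shared_computer(True)` keeps the logged-in pre-fill and returns `None` for the second person.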
  • Bodley Registered Users Posts: 766 Major grins
    edited May 16, 2005
    onethumb wrote:
    This is a bug. Sorry! We'll have a fix out "soon".

    Our carts used to self-destruct as soon as you closed your browser, but now they persist for a month, and we overlooked this issue.

    Thanks for letting us know!

    Don
    Will the shipping and card info still be filled in automatically if you are logged in? I really like not having to input this data.

    Greg
    Greg
    "Tis better keep your mouth shut and be thought of as an idiot than to open your mouth and remove all doubt"
  • onethumb Administrators Posts: 1,269 Major grins
    edited May 16, 2005
    Bodley wrote:
    Will the shipping and card info still be filled in automatically if you are logged in? I really like not having to input this data.

    Greg

    If you're logged in, yes, we pre-fill the data we can. (using the buttons on the shipping & billing pages).

    Don
  • 3rdPlanetPhotography Banned Posts: 920 Major grins
    edited May 16, 2005
    onethumb wrote:
    If you're logged in, yes, we pre-fill the data we can. (using the buttons on the shipping & billing pages).

    Don
    Great! Thank you guys so much for looking into this. I really didn't mean to sound like I was b*tching but I too think it's a serious issue.

    Awesome work and fast response!!!!

    kc7dji