JKOwners Forum banner

1 - 16 of 16 Posts

·
Registered
Joined
·
2,112 Posts
Discussion Starter #1
PLEASE PLEASE PLEASE PLEASE!!!

If you are selling something online and you ask me to create an account.

DO NOT EMAIL ME MY PASSWORD IN CLEAR TEXT!!!

Do you know what that generally means? It means my password is stored in clear text. If anyone gets access to your database they now have my password.

While I use different passwords for every website I visit. Some people do not.

When I see this happen. I will not buy anything from you. I wont even call you to place an order. I'll just assume you don't value my privacy or security.

If you can't keep something a simple as an online store secure I'd hate to see what your physical files look like.

Oh, and don't give me shit about "that's not their core business" ... I'm sorry. In this day in age there are tons of free (that's right $0.00) tools that will help you avoid pitfalls such as the one listed above.

On that note. If anyone here wants help correcting such a problem. I will offer free advice. I live and breathe this sort of stuff. :)
 

·
Owner: TWF
Joined
·
621 Posts
Who is this guided at?
 

·
Registered
Joined
·
2,112 Posts
Discussion Starter #6
if it wasn't directed at a vendor here it would prob be in dirty laundry but given it is in the general discussion it sounds like he ran into this with a sponsor here.
I've seen this both sponsors and not.
I'd rather not name names.

I believe most of these errors are out of ignorance rather than laziness.

However, it has been my experience that when privately alerted to these problems most vendors simply shrug it off. :pissed:
 

·
Registered
Joined
·
5,305 Posts
I ordered my Racelines directly from Greg at Raceline.
He asked me to write my order on a piece of paper and fax it with my credit card info and everything on it.:laughing2:

Oddly enough, I felt ok doing it because who the fawk ever wasted their time trying to hack into a fax line...:laughing:
 

·
Registered
Joined
·
1,054 Posts
you'd be surprised...

he is right though. ID theft is rappidly growing. it is easy and cheap to prevent on the seller and buyer side.

i don't mind the extra few seconds for a https page to load for a purchase.
 

·
Registered
Joined
·
1,694 Posts
Vendors:

  • NO, I do not want to create an account with you
  • NO, I will not give you my demographic information (if you force it I will leave)
  • NO, I do not want you to EVER store my payment information
  • NO, I do not want to receive advertisements or promotional messages
  • Coupons, significant discounts and free shit is okay, but only if the offer's valid for a reasonable period of time (like at least 2 weeks) :thefinger:
  • Yes, I check for SSL, and won't order without it.
  • Yes, I check for a reputable security seal, such as Verisign, Trustwave, McAfee, etc., and favor sites that utilize these services.
I use Virtual Account Numbers instead of my real credit card number for all my on-line purchases, even for subscriptions and repeat business. It's saved me a lot of hassle on a few occasions.
 

·
Owner: TWF
Joined
·
621 Posts
If you don't want to order on line, pick up the phone and call in your order. Being the number one vendor on the worlds largest 4wd site I can telll you I have never had a customer say anything on this subject. We need your address to ship and your email to send tracking info
 

·
Registered
Joined
·
2,112 Posts
Discussion Starter #12
If you don't want to order on line, pick up the phone and call in your order. Being the number one vendor on the worlds largest 4wd site I can telll you I have never had a customer say anything on this subject. We need your address to ship and your email to send tracking info
There is a difference between needing that information and proper security.

The following is a general statement and not directed at anyone in particular.

I understand why online stores want customers to have accounts as it makes the entire experience easier when things go wrong or changes need to be made. Creating an account wont stop me from using a website.

What will stop me from using a website are amateur mistakes.
- SSL with lack of a verified cert
- My password better not be emailed to me
- If any of your profile boxes allow me to XSS your site.
- If after I create my account I have no way to edit/delete it without calling you.
- If your site uses phpMyAdmin and i can access simply by adding /phpMyAdmin to the end of your domain
- If your webserver tells me its running apache 1.x
- If your php header is public and it is running a version with known vulnerabilities.
- If your website feels/looks like it was created by your family member who "knows" about computers.

If you can't be bothered to spend the money/time to do things right.
I wont bother to spend my money with you. Even if you would save me money.
 

·
Registered
Joined
·
3,116 Posts
What will stop me from using a website are amateur mistakes.
- SSL with lack of a verified cert
- My password better not be emailed to me
- If any of your profile boxes allow me to XSS your site.
- If after I create my account I have no way to edit/delete it without calling you.
- If your site uses phpMyAdmin and i can access simply by adding /phpMyAdmin to the end of your domain
- If your webserver tells me its running apache 1.x
- If your php header is public and it is running a version with known vulnerabilities.
- If your website feels/looks like it was created by your family member who "knows" about computers.

If you can't be bothered to spend the money/time to do things right.
I wont bother to spend my money with you. Even if you would save me money.
^^^^^^^^^^^My guess is that most vendors have no idea what you're talking about here. ^^^^^^^^^^^^^^^

Perhaps link them a website that explains it? As writing on here to explain would take a lot of time and typing.

If you like a vendor but not their site, im sure you can just call them to order. Ordering over the phone has been around longer than the interwebz. :beer:
 

·
Registered
Joined
·
156 Posts
We need your address to ship and your email to send tracking info
Yea, but there are thousands and thousands of sites that are able to successully mail me my products, and email me a receipt, without requiring me to 'make an account.'

It is absolutely possible to complete a transaction without requiring the customer to save their personal information and credit card behind a logon/password.

Any site that I expect only to make 1-2 purchases from that requires me to create an account gets my account information - which after purchase gets changed to have no credit card stored and other information set to match the company's customer service address ;)
 
1 - 16 of 16 Posts
Top