Webervations...will this change be permanent?

INNspiring.com | Innkeeper Forum & Innkeeping Resources


Don Draper

Well-known member
Joined
Aug 10, 2008
Messages
2,863
Reaction score
0
I saw the whole discussion thread on what is currently happening with Webervations and CVV codes, etc. This is a more basic question, I suppose for John.
Currently when I go to process a Webervations Request all the normal info to Accept or Reject is there, save the credit card info, which says "Area Under Maintenance, Click Here for Info".
Is this just while the maintenance is being performed or will we now have to log into "Review Bookings" to get the credit card info? If this is temporary, do you have any idea how long it will stay this way?
Thank You!
 

JunieBJones (JBJ)

Well-known member
Joined
May 22, 2008
Messages
3,893
Reaction score
0
YES! This is just what I asked on another thread as well. All those extra steps to get the info. I would like to know as well, thanks John. I would like to have my INNKEEPERS CLICK HERE from the email point directly to the page where I actually click the booked date to grab the cc info.
 

Morticia

Administrator
Staff member
Administrator
Moderator
Joined
May 22, 2008
Messages
17,281
Reaction score
147
JunieBJones (JBJ) said:
YES! This is just what I asked on another thread as well. All those extra steps to get the info. I would like to know as well, thanks John. I would like to have my INNKEEPERS CLICK HERE from the email point directly to the page where I actually click the booked date to grab the cc info.
This is totally off, but Amazon stopped doing that years ago due to complaints that anyone who accessed that email could then get all the info about the sale. They, Amazon, went to a simple notification email that stated you had a sale to complete and to log into your account to do so. (Amazon info never had any cc info, just customer mailing info and links to that info online, but they felt that was too much info for an email.)
 

Don Draper

Well-known member
Joined
Aug 10, 2008
Messages
2,863
Reaction score
0
Oh gosh, and now the Availability Calendar is all wonky...instead of the normal boxes that you can check, it's all 0's and 1's. WHY does all this have to be happening NOW when we are getting ready to go out of town and our substitutes will be the ones who have to deal with it all?????
 

JunieBJones (JBJ)

Well-known member
Joined
May 22, 2008
Messages
3,893
Reaction score
0
InnsiderInfo said:
Oh gosh, and now the Availability Calendar is all wonky...instead of the normal boxes that you can check, it's all 0's and 1's. WHY does all this have to be happening NOW when we are getting ready to go out of town and our substitutes will be the ones who have to deal with it all?????
Mine are the same. There is another button you have clicked on me thinks, try it again?
 

Don Draper

Well-known member
Joined
Aug 10, 2008
Messages
2,863
Reaction score
0
I just called Webervations and spoke to Zack. He helped me make the Availability Calendar with the check boxes my default...that just weirded me out as I had never seen that version before, evidently it is now the default.
Zack also thought that the needing to click thru to get the credit card info was going to be a permanent change.
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
This was actually a pretty big hole in the system. Basically what used to happen is every email contained a link that auto-logged into the credit card number. We have encrypted and disabled this, so no longer can an email be intercepted and used to get into the backend. No system should allow this - period. I don't think I need to explain what a problem this represented since everyone knows you don't allow sensitive information into unsecure emails.
This is a "permanent" change, although we are working out a bit easier way to deal with it. It is not under maintenance - we need to change that text asap.
 

JunieBJones (JBJ)

Well-known member
Joined
May 22, 2008
Messages
3,893
Reaction score
0
JBanczak said:
This was actually a pretty big hole in the system. Basically what used to happen is every email contained a link that auto-logged into the credit card number. We have encrypted and disabled this, so no longer can an email be intercepted and used to get into the backend. No system should allow this - period. I don't think I need to explain what a problem this represented since everyone knows you don't allow sensitive information into unsecure emails.
This is a "permanent" change, although we are working out a bit easier way to deal with it. It is not under maintenance - we need to change that text asap.
Yes you know we go in and collect them often and having the password enabled is a problem as someone CAN get the email and just click through to it. But we can't enter it every time. Dh has a fit when I do that. Keep us posted.
 

EmptyNest

Well-known member
Joined
May 22, 2008
Messages
8,741
Reaction score
1
JBanczak said:
This was actually a pretty big hole in the system. Basically what used to happen is every email contained a link that auto-logged into the credit card number. We have encrypted and disabled this, so no longer can an email be intercepted and used to get into the backend. No system should allow this - period. I don't think I need to explain what a problem this represented since everyone knows you don't allow sensitive information into unsecure emails.
This is a "permanent" change, although we are working out a bit easier way to deal with it. It is not under maintenance - we need to change that text asap.
John,
Don't you think a "Blanket letter" of explanation of the changes should be going to your Webervations customers? I have quite a few cabin owners whose sites I have set up.....but if there are changes, they should know about it and let me know if there are changes I need to make to their set ups.
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
catlady said:
John,
Don't you think a "Blanket letter" of explanation of the changes should be going to your Webervations customers? I have quite a few cabin owners whose sites I have set up.....but if there are changes, they should know about it and let me know if there are changes I need to make to their set ups.
Yes, there was a communication mixup here - it is going out shortly.
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
JunieBJones (JBJ) said:
JBanczak said:
This was actually a pretty big hole in the system. Basically what used to happen is every email contained a link that auto-logged into the credit card number. We have encrypted and disabled this, so no longer can an email be intercepted and used to get into the backend. No system should allow this - period. I don't think I need to explain what a problem this represented since everyone knows you don't allow sensitive information into unsecure emails.
This is a "permanent" change, although we are working out a bit easier way to deal with it. It is not under maintenance - we need to change that text asap.
Yes you know we go in and collect them often and having the password enabled is a problem as someone CAN get the email and just click through to it. But we can't enter it every time. Dh has a fit when I do that. Keep us posted.
We will be changing the flow slightly to enable better access to accept or reject, but there will always have to be a password timeout - any system that enables you to view sensitive data must have this. You can use your browser on your machine to store login and pwd though streamlining the process. Any company - whether it is Chase, Paypal, Amazon, etc. times out a user so that someone cannot sit down at a system and get access to information. I know it isn't as fast and easy as one would like, but logging in a handful of times/day is clearly a lot safer than open access.
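
The two controls discussed in this thread (a notification email whose link carries no login or card data, and a password timeout on the page that shows the card) can be sketched as follows. This is an added example, not Webervations or RezOvation code; the class, method names, host name and 15-minute idle limit are all assumptions, and the card number is a constructed test value.

```python
import hashlib
import hmac
import secrets
import time

IDLE_TIMEOUT = 15 * 60                  # seconds; assumed value, the thread gives none
PORTAL_URL = "https://portal.example"   # placeholder host


class BookingPortal:
    """Hypothetical back end: the email only notifies, the card needs a live session."""

    def __init__(self, clock=time.time):
        self.clock = clock       # injectable so the timeout can be exercised in tests
        self.users = {}          # username -> (salt, password hash)
        self.sessions = {}       # session token -> [username, last activity time]
        self.bookings = {}       # booking ref -> {"owner", "guest", "card_number"}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(password, salt))

    def add_booking(self, owner, guest, card_number):
        """Store the request and return (ref, notification email body)."""
        ref = secrets.token_urlsafe(16)
        # At-rest encryption of card_number is out of scope for this sketch.
        self.bookings[ref] = {"owner": owner, "guest": guest,
                              "card_number": card_number}
        # The link names the booking only: no credentials, no session, no card data.
        email = ("You have a new booking request.\n"
                 f"Log in to review it: {PORTAL_URL}/bookings/{ref}\n")
        return ref, email

    def login(self, username, password):
        """Return a new session token, or None if the credentials are wrong."""
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = [username, self.clock()]
        return token

    def _current_user(self, token):
        """Resolve a session token, enforcing the idle timeout."""
        session = self.sessions.get(token)
        if session is None:
            raise PermissionError("login required")
        username, last_seen = session
        if self.clock() - last_seen > IDLE_TIMEOUT:
            del self.sessions[token]          # expired sessions cannot be revived
            raise PermissionError("session timed out, log in again")
        session[1] = self.clock()             # activity resets the idle timer
        return username

    def view_card(self, token, ref):
        """Return card details only to the logged-in owner of the booking."""
        username = self._current_user(token)
        booking = self.bookings.get(ref)
        if booking is None or booking["owner"] != username:
            raise PermissionError("no such booking for this account")
        return {"guest": booking["guest"], "card_number": booking["card_number"]}


if __name__ == "__main__":
    portal = BookingPortal()
    portal.register("innkeeper", "correct horse")
    ref, email = portal.add_booking("innkeeper", "A. Guest", "4111111111111111")
    print(email)
    try:
        portal.view_card(None, ref)           # following the link without logging in
    except PermissionError as exc:
        print("without session:", exc)
    token = portal.login("innkeeper", "correct horse")
    print("with session:", portal.view_card(token, ref))
```

Anyone who obtains the email learns only that a booking exists; the card is released solely to a session that was opened with the password and has been active within the idle limit.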
 

JunieBJones (JBJ)

Well-known member
Joined
May 22, 2008
Messages
3,893
Reaction score
0
JBanczak said:
JunieBJones (JBJ) said:
JBanczak said:
This was actually a pretty big hole in the system. Basically what used to happen is every email contained a link that auto-logged into the credit card number. We have encrypted and disabled this, so no longer can an email be intercepted and used to get into the backend. No system should allow this - period. I don't think I need to explain what a problem this represented since everyone knows you don't allow sensitive information into unsecure emails.
This is a "permanent" change, although we are working out a bit easier way to deal with it. It is not under maintenance - we need to change that text asap.
Yes you know we go in and collect them often and having the password enabled is a problem as someone CAN get the email and just click through to it. But we can't enter it every time. Dh has a fit when I do that. Keep us posted.
We will be changing the flow slightly to enable better access to accept or reject, but there will always have to be a password timeout - any system that enables you to view sensitive data must have this. You can use your browser on your machine to store login and pwd though streamlining the process. Any company - whether it is Chase, Paypal, Amazon, etc. times out a user so that someone cannot sit down at a system and get access to information. I know it isn't as fast and easy as one would like, but logging in a handful of times/day is clearly a lot safer than open access.
That is a good question re logging in. I do not stay logged in, ever. I make changes, get info and log out each and every time. So that was actually what I meant, going in and out all day every day. Any one could step from the foyer to this pc, with sensitive info on here I don't leave anything logged in. But maybe I am not the norm? What do the majority do?
 

JunieBJones (JBJ)

Well-known member
Joined
May 22, 2008
Messages
3,893
Reaction score
0
The ONLY thing I stay logged into is this forum. It is on my pc all the time unless I reboot.
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
Here is the email we are sending out in case you guys are interested:
Less than four months after the successful transition of the Webervations system, RezOvation is pleased to announce a sweeping set of product enhancements for Webervations 1.0. First on the list, the encryption methods used on all credit cards entered into Webervations have been extended and upgraded to provide a much greater level of security, on par with that used by BedandBreakfast.com and RezOvation GT and Desktop products. A number of additional security procedures were put in place, including the removal of access to credit card information through direct or unencrypted links. Innkeepers can rest assured that their data is now safer than ever --- another step taken to protect the industry from potential theft and fraud.
To add to the security features, effective immediately, Webervations will no longer be accepting or storing CVV or CVV2 numbers as per the PCI compliance guidelines. PCI regulations expressly prohibit the storing of CVV numbers for viewing. Any system that provides this feature to innkeepers is in violation of PCI regulations, and innkeepers who use systems that provide this feature should know that they can be held liable for using non-compliant systems. RezOvation is committed to ensuring that innkeepers have a system that enables them to have both the best security, as well as one that clearly follows PCI guidelines. By the end of May, a new Webervations feature will enable users to customize their credit card retention policies. Innkeepers will be able to choose how long they retain credit card data – they can delete it immediately after a booking is processed or retain it until a guest checks out. This auto-delete functionality is similar to functionality that has been very well received by RezOvation GT users. Innkeepers can hold onto sensitive data as long as they wish; all sensitive data can be deleted automatically based on their specific settings.
Webervations users who are also BedandBreakfast.com members will also be delighted by another new feature: Webervations can now be used to manage rates and inventory, and receive reservations directly from BedandBreakfast.com, Expedia, hotels.com, Kayak, Sidestep, Nextag, and coming this fall, Travelocity! BedandBreakfast.com recently signed an agreement with Travelocity to feature BedandBreakfast.com bookable properties on Travelocity websites, moving one step closer to the goal of getting B&Bs sold on every major online travel directory through a system that is easy for innkeepers to manage. Rates and inventory automatically synchronize across all systems, and reservations show up immediately in the Webervations system. It takes only a few minutes to set up the new feature, and customers who already use the BedandBreakfast.com Online Reservations program can easily switch over and use Webervations for management instead of the BedandBreakfast.com Online Reservations Manager.
Additional improvements to both Webervations 1.0 and 2.0, as well as to RezOvation GT are planned for the summer months and will be announced as soon as they are ready.
 

Copperhead

Well-known member
Joined
Jun 24, 2008
Messages
5,969
Reaction score
0
JunieBJones (JBJ) said:
That is a good question re logging in. I do not stay logged in, ever. I make changes, get info and log out each and every time. So that was actually what I meant, going in and out all day every day. Any one could step from the foyer to this pc, with sensitive info on here I don't leave anything logged in. But maybe I am not the norm? What do the majority do?
Well I stayed logged in but do place my PC on sleep when I am away, which requires a password to wake up! This was easier as when I am busy cleaning rooms DH sometimes would be asked about dates etc. and it was easier to have Weberv. already open for him to see and provide a faster response. Oh well, I can understand the security end of it and we have given up so much on ease of everything because of security, what is one more!
 

JunieBJones (JBJ)

Well-known member
Joined
May 22, 2008
Messages
3,893
Reaction score
0
Copperhead said:
JunieBJones (JBJ) said:
That is a good question re logging in. I do not stay logged in, ever. I make changes, get info and log out each and every time. So that was actually what I meant, going in and out all day every day. Any one could step from the foyer to this pc, with sensitive info on here I don't leave anything logged in. But maybe I am not the norm? What do the majority do?
Well I stayed logged in but do place my PC on sleep when I am away, which requires a password to wake up! This was easier as when I am busy cleaning rooms DH sometimes would be asked about dates etc. and it was easier to have Weberv. already open for him to see and provide a faster response. Oh well, I can understand the security end of it and we have given up so much on ease of everything because of security, what is one more!
Yes but you can see avail on your website right? Or you mean so he can check the box when booked?
 

Copperhead

Well-known member
Joined
Jun 24, 2008
Messages
5,969
Reaction score
0
This was actually a pretty big hole in the system. Basically what used to happen is every email contained a link that auto-logged into the credit card number. We have encrypted and disabled this, so no longer can an email be intercepted and used to get into the backend. No system should allow this - period. I don't think I need to explain what a problem this represented since everyone knows you don't allow sensitive information into unsecure emails.
This is a "permanent" change, although we are working out a bit easier way to deal with it. It is not under maintenance - we need to change that text asap.
JBanczak said:
This was actually a pretty big hole in the system. Basically what used to happen is every email contained a link that auto-logged into the credit card number. We have encrypted and disabled this, so no longer can an email be intercepted and used to get into the backend. No system should allow this - period. I don't think I need to explain what a problem this represented since everyone knows you don't allow sensitive information into unsecure emails.
This is a "permanent" change, although we are working out a bit easier way to deal with it. It is not under maintenance - we need to change that text asap.
Yes you know we go in and collect them often and having the password enabled is a problem as someone CAN get the email and just click through to it. But we can't enter it every time. Dh has a fit when I do that. Keep us posted.
.
JunieBJones (JBJ) said:
JBanczak said:
This was actually a pretty big hole in the system. Basically what used to happen is every email contained a link that auto-logged into the credit card number. We have encrypted and disabled this, so no longer can an email be intercepted and used to get into the backend. No system should allow this - period. I don't think I need to explain what a problem this represented since everyone knows you don't allow sensitive information into unsecure emails.
This is a "permanent" change, although we are working out a bit easier way to deal with it. It is not under maintenance - we need to change that text asap.
Yes you know we go in and collect them often and having the password enabled is a problem as someone CAN get the email and just click through to it. But we can't enter it every time. Dh has a fit when I do that. Keep us posted.
We will be changing the flow slightly to enable better access to accept or reject, but there will always have to be a password timeout - any system that enables you to view sensitive data must have this. You can use your browser on your machine to store login and pwd though streamlining the process. Any company - whether it is Chase, Paypal, Amazon, etc. times out a user so that someone cannot sit down at a system and get access to information. I know it isn't as fast and easy as one would like, but logging in a handful of times/day is clearly a lot safer than open access.
.
JBanczak said:
JunieBJones (JBJ) said:
JBanczak said:
This was actually a pretty big hole in the system. Basically what used to happen is every email contained a link that auto-logged into the credit card number. We have encrypted and disabled this, so no longer can an email be intercepted and used to get into the backend. No system should allow this - period. I don't think I need to explain what a problem this represented since everyone knows you don't allow sensitive information into unsecure emails.
This is a "permanent" change, although we are working out a bit easier way to deal with it. It is not under maintenance - we need to change that text asap.
Yes you know we go in and collect them often and having the password enabled is a problem as someone CAN get the email and just click through to it. But we can't enter it every time. Dh has a fit when I do that. Keep us posted.
We will be changing the flow slightly to enable better access to accept or reject, but there will always have to be a password timeout - any system that enables you to view sensitive data must have this. You can use your browser on your machine to store login and pwd though streamlining the process. Any company - whether it is Chase, Paypal, Amazon, etc. times out a user so that someone cannot sit down at a system and get access to information. I know it isn't as fast and easy as one would like, but logging in a handful of times/day is clearly a lot safer than open access.
That is a good question re logging in. I do not stay logged in, ever. I make changes, get info and log out each and every time. So that was actually what I meant, going in and out all day every day. Anyone could step from the foyer to this PC, with sensitive info on here I don't leave anything logged in. But maybe I am not the norm? What do the majority do?
.
JunieBJones (JBJ) said:
That is a good question re logging in. I do not stay logged in, ever. I make changes, get info and log out each and every time. So that was actually what I meant, going in and out all day every day. Anyone could step from the foyer to this PC, with sensitive info on here I don't leave anything logged in. But maybe I am not the norm? What do the majority do?
Well I stayed logged in but do place my PC on sleep when I am away, which requires a password to wake up! This was easier as when I am busy cleaning rooms DH sometimes would be asked about dates etc. and it was easier to have Weberv. already open for him to see and provide a faster response. Oh well, I can understand the security end of it and we have given up so much on ease of everything because of security, what is one more!
.
Copperhead said:
JunieBJones (JBJ) said:
That is a good question re logging in. I do not stay logged in, ever. I make changes, get info and log out each and every time. So that was actually what I meant, going in and out all day every day. Anyone could step from the foyer to this PC, with sensitive info on here I don't leave anything logged in. But maybe I am not the norm? What do the majority do?
Well I stayed logged in but do place my PC on sleep when I am away, which requires a password to wake up! This was easier as when I am busy cleaning rooms DH sometimes would be asked about dates etc. and it was easier to have Weberv. already open for him to see and provide a faster response. Oh well, I can understand the security end of it and we have given up so much on ease of everything because of security, what is one more!
Yes but you can see avail on your website right? Or you mean so he can check the box when booked?
.
I guess if the question was for a certain room for certain dates, he could just go to our site, but as you know sometimes it is a more complex issue - a room for so many nights but one room may not be avail. for all the nights and shifting needs to be looked at. We will adjust, just like we have adjusted for other issues. It was just a nice convenience.
 

Don Draper

Well-known member
Joined
Aug 10, 2008
Messages
2,863
Reaction score
0
Thank you for the information John. I am happy that the system will be even more secure than it was. I'm glad you're sending out an email so folks will know what's happening though, it's always confusing when something changes and it's good to have it spelled out.
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
Thank you for the information John. I am happy that the system will be even more secure than it was. I'm glad you're sending out an email so folks will know what's happening though, it's always confusing when something changes and it's good to have it spelled out.
InnsiderInfo said:
Thank you for the information John. I am happy that the system will be even more secure than it was. I'm glad you're sending out an email so folks will know what's happening though, it's always confusing when something changes and it's good to have it spelled out.
Thanks - and again, apologize for the lack of communication. We screwed up by not getting this out immediately. Sorry guys -
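The change JBanczak describes in this thread, sketched as an added example (not Webervations' code): the e-mailed link carries only a booking reference, and card details are returned only to a logged-in session that has not idled past a timeout. The host, the 15-minute timeout, the function names and the sample booking are all assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

IDLE_TIMEOUT = 15 * 60  # seconds; assumed value, the thread does not give one
BASE_URL = "https://bookings.example/review"  # placeholder host

# Constructed sample data: one pending request with a test card number.
BOOKINGS = {"R-1001": {"inn": "inn1", "card": "4111111111111111"}}
SESSIONS = {}  # session id -> {"user": str, "last_seen": float}


def notification_link(booking_id):
    """Link for the notification e-mail: a booking reference, no credential."""
    return BASE_URL + "?" + urlencode({"booking": booking_id})


def login(user, password_ok, now):
    """Create a server-side session once the password check has succeeded."""
    if not password_ok:
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "last_seen": now}
    return sid


def view_card(url, sid, now):
    """Return (status, body) for a request that follows the e-mailed link."""
    booking_id = parse_qs(urlparse(url).query).get("booking", [""])[0]
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "login required"  # holding the e-mail is not enough
    if now - session["last_seen"] > IDLE_TIMEOUT:
        del SESSIONS[sid]  # expired: force a fresh login
        return 401, "session timed out"
    session["last_seen"] = now  # activity resets the idle clock
    booking = BOOKINGS.get(booking_id)
    if booking is None:
        return 404, "no such booking"
    if booking["inn"] != session["user"]:
        return 403, "not your booking"
    return 200, booking["card"]
```
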
 
