commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benedikt Ritter <brit...@apache.org>
Subject Re: [VALIDATOR] How to handle credit card number length (Was: [VALIDATOR] Release 1.5.2?)
Date Tue, 14 Feb 2017 07:53:41 GMT

> Am 13.02.2017 um 10:45 schrieb sebb <sebbaz@gmail.com>:
> 
> On 13 February 2017 at 08:27, Benedikt Ritter <britter@apache.org <mailto:britter@apache.org>>
wrote:
>> 
>>> Am 13.02.2017 um 01:36 schrieb sebb <sebbaz@gmail.com>:
>>> 
>>> On 12 February 2017 at 18:01, sebb <sebbaz@gmail.com> wrote:
>>>> On 12 February 2017 at 15:54, Benedikt Ritter <britter@apache.org>
wrote:
>>>>> Hello Sebb,
>>>>> 
>>>>> Are you about to create an RC for 1.5.2? If not, please let me know when
you’re finished with your latest changes. I’d like to push out a new release soon.
>>>> 
>>>> I'm working towards getting it ready for a new release.
>>>> Another few days at most, I hope.
>>> 
>>> I have come to a stop for now.
>>> 
>>> There are some requests to update the CreditCardValidator which could
>>> perhaps be done, but it's difficult getting definitive information.
>>> 
>>> Should we be as strict as possible with lengths, or should we allow a
>>> range of lengths even if there don't seem to be any cards with all of
>>> them yet?
>>> 
>>> The Discover network is also a bit tricky as it includes many other cards.
>>> Also in some areas it includes additional cards, e.g. China Union Pay,
>>> which are handled independently elsewhere.
>>> 
>>> How should these be handled?
>> 
>> I think we should be as strict as we can be on basis of the available documentation.
Better reject something that is valid and let users build their custom validator on top of
ours than silently accepting invalid cards, causing hard to find bugs in client code.
> 
> The code cannot know which actual cards are in use; that has to be
> done by the issuer or the processing network.
> 
> However it can ensure that the number is possibly valid, by validating
> the syntax, length and check digit.
> 
> There are now generic validators which validate syntax, length and the
> check digit only.
> And it is now possible to build additional validators without needing
> to use REs.
> 
> But I'm wondering what is the point of the IIN checks?
> If these are too strict, they will reject valid cards, possibly
> preventing a sale?
> If they are too lax, they will allow invalid cards, but these will be
> rejected later
> Maybe we need to ask for some use cases from the people wanting updates.

One way or the other there will be users complaining that either we rejected valid cards or
we did not reject invalid cards… :-) Don’t know which option is better.

Benedikt

> 
>> Benedikt
>> 
>>> 
>>>> Whether the RM is me or you, I don't mind.
>>>> 
>>>> Though maybe it needs to be 1.6 rather than 1.5.2?
>>>> 
>>>> 
>>>> 
>>>>> Thank you!
>>>>> Benedikt
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> For additional commands, e-mail: dev-help@commons.apache.org
>> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org <mailto:dev-unsubscribe@commons.apache.org>
> For additional commands, e-mail: dev-help@commons.apache.org <mailto:dev-help@commons.apache.org>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message