commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: [VALIDATOR] How to handle credit card number length (Was: [VALIDATOR] Release 1.5.2?)
Date Mon, 13 Feb 2017 09:45:36 GMT
On 13 February 2017 at 08:27, Benedikt Ritter <britter@apache.org> wrote:
>
>> Am 13.02.2017 um 01:36 schrieb sebb <sebbaz@gmail.com>:
>>
>> On 12 February 2017 at 18:01, sebb <sebbaz@gmail.com> wrote:
>>> On 12 February 2017 at 15:54, Benedikt Ritter <britter@apache.org> wrote:
>>>> Hello Sebb,
>>>>
>>>> Are you about to create an RC for 1.5.2? If not, please let me know when
you’re finished with your latest changes. I’d like to push out a new release soon.
>>>
>>> I'm working towards getting it ready for a new release.
>>> Another few days at most, I hope.
>>
>> I have come to a stop for now.
>>
>> There are some requests to update the CreditCardValidator which could
>> perhaps be done, but it's difficult getting definitive information.
>>
>> Should we be as strict as possible with lengths, or should we allow a
>> range of lengths even if there don't seem to be any cards with all of
>> them yet?
>>
>> The Discover network is also a bit tricky as it includes many other cards.
>> Also in some areas it includes additional cards, e.g. China Union Pay,
>> which are handled independently elsewhere.
>>
>> How should these be handled?
>
> I think we should be as strict as we can be on basis of the available documentation.
Better reject something that is valid and let users build their custom validator on top of
ours than silently accepting invalid cards, causing hard to find bugs in client code.

The code cannot know which actual cards are in use; that has to be
done by the issuer or the processing network.

However it can ensure that the number is possibly valid, by validating
the syntax, length and check digit.

There are now generic validators which validate syntax, length and the
check digit only.
And it is now possible to build additional validators without needing
to use REs.

But I'm wondering what is the point of the IIN checks?
If these are too strict, they will reject valid cards, possibly
preventing a sale?
If they are too lax, they will allow invalid cards, but these will be
rejected later
Maybe we need to ask for some use cases from the people wanting updates.

> Benedikt
>
>>
>>> Whether the RM is me or you, I don't mind.
>>>
>>> Though maybe it needs to be 1.6 rather than 1.5.2?
>>>
>>>
>>>
>>>> Thank you!
>>>> Benedikt
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message