Checksums!

  • Another seldom-known attribute
  • Change in business logic
  • Go right to left
  • Add them up: "odd" digits as is, "even" digits +10, -9 if > 10
  • Must be a multiple of 10

Old vs. new

 
  • Why catch it early? (automated attack)
  • Old: application logic, shared module
  • Best of the old (app): SELECT cc_checksum(..)
  • Best of the old (dba): trigger
  • New: domain function, all in one place

CREATE OR REPLACE FUNCTION validate_ccnumber(VARCHAR)
RETURNS BOOLEAN AS $$
DECLARE
  mynumber ALIAS FOR $1;
BEGIN

-- Reject anything that is not exactly 16 characters long
IF length(mynumber) != 16 THEN
  RAISE EXCEPTION 'Credit card numbers must be 16 digits long';
END IF;

-- Assumes cc_checksum() returns TRUE when the checksum is valid
IF NOT cc_checksum(mynumber) THEN
  RAISE EXCEPTION 'Invalid credit card number: checksum failed';
END IF;

-- Both checks passed
RETURN TRUE;
END;
$$ LANGUAGE plpgsql;
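
The "all in one place" idea from the Old vs. new slide, as an added example that is not from the original slides: a domain whose CHECK runs on every insert, update and cast, whichever application issues it. The domain name cc_number, the table payment and the body of cc_checksum are assumptions; cc_checksum here is a stand-in implementing the standard Luhn check (every second digit from the right doubled, minus 9 when the result exceeds 9), and the card numbers are constructed test values.

```sql
-- Stand-in for cc_checksum (its body is not shown on the slides): standard Luhn check.
CREATE OR REPLACE FUNCTION cc_checksum(ccnum VARCHAR)
RETURNS BOOLEAN AS $$
DECLARE
  total INTEGER := 0;
  digit INTEGER;
  pos   INTEGER := 0;              -- 1 = rightmost digit
BEGIN
  -- Guard here as well: SQL does not promise left-to-right evaluation of AND,
  -- so the digit cast below must never see a non-digit.
  IF ccnum !~ '^[0-9]+$' THEN
    RETURN FALSE;
  END IF;

  FOR i IN REVERSE length(ccnum)..1 LOOP   -- go right to left
    pos := pos + 1;
    digit := substr(ccnum, i, 1)::INTEGER;
    IF pos % 2 = 0 THEN                    -- every second digit from the right
      digit := digit * 2;
      IF digit > 9 THEN
        digit := digit - 9;
      END IF;
    END IF;
    total := total + digit;
  END LOOP;

  RETURN total % 10 = 0;                   -- must be a multiple of 10
END;
$$ LANGUAGE plpgsql IMMUTABLE STRICT;      -- STRICT: NULL in, NULL out

-- Hypothetical domain: the format and checksum rules live with the type itself.
CREATE DOMAIN cc_number AS VARCHAR(16)
  CHECK (VALUE ~ '^[0-9]{16}$' AND cc_checksum(VALUE));

-- Hypothetical table using the domain; no trigger or application code involved.
CREATE TABLE payment (
  id   SERIAL PRIMARY KEY,
  card cc_number NOT NULL
);

-- Constructed inputs: a Luhn-valid test number, then the same number
-- with its last digit changed, then a cast of a non-numeric string.
INSERT INTO payment (card) VALUES ('4111111111111111');
INSERT INTO payment (card) VALUES ('4111111111111112');
SELECT 'not-a-card-number'::cc_number;
```

Because the rule is attached to the type, a script or ad-hoc client that bypasses the application's shared module hits the same check.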

