unencrypted credit card info in commerce_order and commerce_order_revision tables

Using commerce kickstart 7.x-1.13
I found unencrypted credit card info in commerce_order, commerce_order_revision and cache_form tables. Scared the hell out of us.
Where is this coming from and how do we prevent saving this info.
Debugging determined that this info is put in after we processed the card through authorize.net. It is not occurring in that module. But we have not determined where it is being put it yet.
Any ideas from the community?
As a workaround we have installed a hook to x out this data During Checkout Pending state.

Asked by: bbarnes

on January 14, 2013

2 Answers

I noticed this as well and devised a solution here.

Answer by: cameronbprince

Posted: Jan 16, 2013

We found the root cause of our issue. We were using a prototype authorize module and there was a call there that saved the subscription data in order->data. That line of code is so gone!

Answer by: bbarnes

Posted: Jan 23, 2013

Questions? Answers.

unencrypted credit card info in commerce_order and commerce_order_revision tables

2 Answers

Subscribe

Search form

Questions? Answers.

unencrypted credit card info in commerce_order and commerce_order_revision tables

2 Answers