ccbill design flaw?
 

does anyone else HATE the fact that affiliate programs using ccbill have an ccbill id/username/password form on their site? yeah i know it POSTs it to a ccbill server, but the fact that people are used to entering their information on various sites is just asking for some jackass to make a fake affiliate program to collect ccbill passwords. affiliates should just have an id number they display, and webmasters can then just enter that number into their own ccbill admin panels. that is all.

You should have just passed you thought on to ccbill instead of this thread.


just my :2 cents:

I have often wondered this same thing. I usually just hit submit first to make sure it takes me to a CCBill page, but I am sure there are still ways to get fucked over and get your accoung hijacked with this. :2 cents:

well it's not really an urgent security matter, but i figured i would pass it on if enough people also had the same feelings.

Well im sure some scammer will pick up on this now that its been posted. Time to start watching your ccbill account(s).

im sorry i always thought this was blatantly obvious

I always check the source to make sure it posts to the ccbill site. Some programs actually DO submit via their own site - probably nothing malicious intended, but there's no way I will submit my full ccbill details to a third party site. If I come across such a site I usually email them and let them know why I cannot sign up with them.

I do think it would be better if the signup form was hosted by ccbill.

:thumbsup