Okay, just to add to the story. Mrs cafcfan received just the one email with her correct reference number/user name but an entirely different password. I received two emails. One had a new (to me) user name but my actual password. The other had my original user name but an entirely new password. Confusing or what?
I replied "Please do not contact me until the Belgians have left!"
"Charlton fan of 47 years"
Of course that was un-returnable but I got a jolly out of typing it.
More worrying is the pleading email from Peter Garston "Defend Our Den"... when did I sign that petition and what was I under the influence of at the time?
My two emails had my name on them, one in full form, the other in its diminutive. I suspect the second one was set up in frustration with the original CAFC registration system, which lends weight to the club's explanation in this instance.
Erhh... There should be no reason they could even access a plain-text version of ANYONE's password, let alone transmit it via email. This is basic development 101; I'd reprimand even a junior developer if I saw any application whereby user authentication credentials were stored in plain-text. The erroneous emailing of them is completely and utterly unforgivable though, and I would imagine a severe DPA breach.
Second question; if anyone has bought tickets recently, do the payments go via the CAFC site or via a third-party payment gateway? If they handle payments directly, then I would imagine storing user login credentials in plain-text may cause a compliance issue with PCI-DSS? (As I think that extends beyond the storage of payment details, and into the security of any system which handles payments; if anyone here works in compliance perhaps they could shed some light on that?)
Alas, I understand that this isn't actually the club - but most likely their vendor. But still... WTF?
I got three different e-mails, all with different log-in details to my actual log-in details.
I think I've cracked it.
Katrien wants everyone to buy their ticket on-line.
By doubling and in some cases triplicating the same database entry the company responsible for managing this can report back to her with up to three times the real number of fans entered onto the ticket ordering database.
Great progress, original target more than handsomely overtaken, Result.
Everyone seems to be getting a set of wrong details, but for some reason I've been left out. So if anyone has a spare set of wrong details, can I have them?
No emails but I rang up to buy 7 Oxford tickets today and was told I had 4 records in my name on their system.
When they said tickets were still on restricted sale of two per person so I'd need to provide details of others I asked why can't I buy 2 tickets under each of my entries? He didn't get the joke but very efficient service.
Erhh... There should be no reason they could even access a plain-text version of ANYONE's password, let alone transmit it via email. This is basic development 101; I'd reprimand even a junior developer if I saw any application whereby user authentication credentials were stored in plain-text. The erroneous emailing of them is completely and utterly unforgivable though, and I would imagine a severe DPA breach.
Second question; if anyone has bought tickets recently, do the payments go via the CAFC site or via a third-party payment gateway? If they handle payments directly, then I would imagine storing user login credentials in plain-text may cause a compliance issue with PCI-DSS? (As I think that extends beyond the storage of payment details, and into the security of any system which handles payments; if anyone here works in compliance perhaps they could shed some light on that?)
Alas, I understand that this isn't actually the club - but most likely their vendor. But still... WTF?
It is the club.
All downhill since you left.
That reminds me - my grandfather had a chronic bad back and the doctor said put duck fat on it - didn't work - he's been going downhill fast ever since.
Received my email from the club. No idea where they got the username from but I was very childishly pleased to see the club send me an email which includes the password rolandblowsgoats!!
Comments
I've not got one either, must be the protest shirt I wore Saturday
I replied "Please do not contact me until the Belgians have left!"
"Charlton fan of 47 years"
Of course that was un-returnable but I got a jolly out of typing it.
More worrying is the pleading email from Peter Garston "Defend Our Den"... when did I sign that petition and what was I under the influence of at the time?
Praise the Lord!
Katrien wants everyone to buy their ticket on-line.
By doubling and in some cases triplicating the same database entry the company responsible for managing this can report back to her with up to three times the real number of fans entered onto the ticket ordering database.
Great progress, original target more than handsomely overtaken,
Result.
Different account numbers, different passwords.
Used one to order a block of season tickets and have been sent a blow up doll instead.
Handy.
When they said tickets were still on restricted sale of two per person so I'd need to provide details of others I asked why can't I buy 2 tickets under each of my entries? He didn't get the joke but very efficient service.
Did they work?