[Info-vax] ZIP+4
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon May 6 17:18:10 EDT 2019
On 2019-05-06 13:32:28 +0000, Dave Froble said:
> We are using a service via internet for address validation which also
> returns geo location I believe. Communications are via HTTPS, though
> why anyone demands the "S" for data that is freely available is a bit
> of a mystery to me.
Customer data can be sensitive.
There are a whole lot of folks that might not realize how much trouble
some folks can get into, if their data is exposed, too.
If the processing is address normalization as part of purchasing
fulfillment, it'd be better to get the data back from the provider
rather than acquiring a surprise injected by an unrecognized
intermediary.
Whether or not any of this applies to you, it almost certainly applies
to a sizable chunk of consumers of the address validation API.
And the address normalization provider may not want to risk exposures
for these or other issues, and which then means bringing all of the
consumers of the APIs forward.
These connections are a whole lot less of a hassle on other platforms, too.
On another platform I deal with, the default is TLS and you have to
work at it to use cleartext.
But this is OpenVMS, so we get to deal with the "fun" that is the TLS
APIs and CA implementation.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list