TMError.txt

Description:
  • The TMError.txt page feeds the messages located at the top of many pages.
  • The TMError.txt page is referenced as F_HTML_PAGE_MESSAGE.

Location:

htdocs/1/WebPagesEN

 

Caveat: changing some error messages

You may change any error message to suit the needs of your venue. However, a few pertain to the sign-in process and may indicate that an email address cannot be used; you may not want to change those.

During our Oct 2016 PCI audit, we were required to make them generic because it is against PCI rules to divulge information or conditions that could make it easier for a hacker to gain access to a patron's account. Visa/MasterCard's reasoning is simple: if you say the email exists, then a hacker would likely cross reference that with other information stolen or bought on the internet. Since people tend to use the same passwords across web sites, they would cross reference and might gain access.

For your safety and the safety of your patrons, we ensure Theatre Manager passes the PCI audit, to give you less to worry about. The PCI council places web site security 100% ahead of the empathy that would make a commerce web site easier for patrons to use.

| Message # | Purpose of error message that could occur during login process | Message before being genericized for PCI Audit |
|---|---|---|
| 10012 | Error message if email address could not be found in the database during the login process. | Error - Please enter a valid email address and password combination. |
| 10013 | Error message if email does exist in the database, but password is incorrect during login. Should be same message as 10012 to limit ability to delineate this condition. | Error - invalid email address and password combination{br}(note: password is case sensitive). |
| 10032 | The response if email address found and message sent to patron. It is now generic to say that if the email address was found, then an email would be sent, which does not give away the fact that the email address does exist. | A password reset has been sent to your email address at {email}.{br}Please look for the email and follow the instructions on it. |
| 10034 | Response for email address not in the database. The message is set to be same as 10032 for PCI/OWASP compliance so that no information is conveyed back to the user as to success or failure of the request - it helps prevent finding information in the system for brute force attacks. | We're sorry, there are no accounts associated with the email address {email}. Please verify it. |
| 10255 | Response indicating email address appears invalid because we are unable to look up the mail exchange server for that email address. Again, according to PCI/OWASP, it is more secure to simply say the email address is invalid (and we suggest to contact the box office). | {contents} appears invalid. Unable to lookup the mail exchange server for that email address. |
| 10256 | Response indicating email address appears invalid because we are unable to look up the DNS server for that email address. Again, according to PCI/OWASP, it is more secure to simply say the email address is invalid (and we suggest to contact the box office) so this message is set to the same as 10255. | {contents} appears invalid. Unable to lookup the DNS server for that email address. |
| 10257 | Response indicating email address is already on file and to use 'forgot password' instead. Again, according to PCI/OWASP, it is more secure to simply say the email address is invalid (and we suggest to contact the box office) so this message is set to the same as 10255. | {contents} is currently in use and cannot be used for the creation of a new account.{br}If this is your email address, please request your password instead. |
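
A check to run after customizing messages, as an added example that is not part of Theatre Manager: it verifies that the message numbers grouped in the table above still share one wording and do not reuse the pre-audit phrases. The `{number: text}` dictionary and the generic sample wordings are assumptions; parsing TMError.txt is left out because its file format is not shown on this page.

```python
import re

# Message numbers the table above says must share one wording.
GROUPS = {
    "login failure": (10012, 10013),
    "password reset request": (10032, 10034),
    "email rejected": (10255, 10256, 10257),
}
# Phrases from the pre-audit wordings that disclose which condition occurred.
REVEALING = ("no accounts associated", "currently in use",
             "mail exchange server", "dns server")


def normalize(text):
    """Compare ignoring case, {br} line breaks and runs of whitespace."""
    return re.sub(r"\s+", " ", text.replace("{br}", " ").lower()).strip()


def audit_messages(messages):
    """Return findings for a {message number: text} table."""
    findings = []
    for label, numbers in GROUPS.items():
        missing = [n for n in numbers if n not in messages]
        if missing:
            findings.append(f"{label}: missing {missing}")
        elif len({normalize(messages[n]) for n in numbers}) > 1:
            findings.append(f"{label}: {list(numbers)} differ")
        for n in numbers:
            text = normalize(messages.get(n, ""))
            findings += [f"{n}: reveals state ({p!r})"
                         for p in REVEALING if p in text]
    return findings


# Constructed sample: generic wordings (assumed, not Theatre Manager's shipped
# text) with 10034 customized back to its pre-audit wording from the table.
LOGIN = "Error - invalid email address and password combination."
RESET = "If {email} is on file, a password reset has been sent to it."
INVALID = "{contents} appears invalid.{br}Please contact the box office."
SAMPLE = {10012: LOGIN, 10013: LOGIN, 10032: RESET, 10255: INVALID,
          10256: INVALID, 10257: INVALID,
          10034: "We're sorry, there are no accounts associated with the "
                 "email address {email}. Please verify it."}

if __name__ == "__main__":
    for finding in audit_messages(SAMPLE):
        print(finding)
```
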

Able to Call Page(s):

  • Not Applicable

Called By Page(s):

Page(s) Referenced:

  • Not Applicable