Re: Storing Credit Card Info?
From | James F.Hranicky |
---|---|
Subject | Re: Storing Credit Card Info? |
Date | |
Msg-id | 20020321234020.79c852f9.jfh@cise.ufl.edu |
In reply to | Re: Storing Credit Card Info? ("Greg Sabino Mullane" <greg@turnstep.com>) |
List | pgsql-general |
On Wed, 13 Mar 2002 16:40:41 -0000
"Greg Sabino Mullane" <greg@turnstep.com> wrote:

> However, it fails to protect against someone breaking into the application
> box and getting the encryption key and/or reading credit card numbers after
> they are decrypted. Unfortunately, there is no simple way to defend against
> this, besides the obvious securing of the box, because at some point the
> application will need the credit card information "in the clear." You can

How about having the form public-key encrypt the data, then store that
in a db? The private key is on the ordering box, which is locked down as
tight as possible.

To get the info, you have to get into the ordering box (which only connects
to other machines, and allows no incoming connections at all), or get
into the web server and send a SEGV to the web server (or cgi, etc) and
dig through the core dump.

I plan on setting up a web-based account registration system like
this... someday.

----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| jfh@cise.ufl.edu                      http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
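
The key split described in the message above, as an added example that is not part of the original post: the web tier encrypts with a public key and only the ordering box can decrypt. The choice of RSA-OAEP through the OpenSSL command line, the file paths, the function names and the sample record are all assumptions; the message does not name a cipher or a tool.

```bash
#!/bin/sh
# Added example: web tier holds only the public key, ordering box holds the private key.
set -eu

WORK=$(mktemp -d)               # constructed scratch dir standing in for both hosts
trap 'rm -rf "$WORK"' EXIT
PRIV="$WORK/ordering_box.key"   # hypothetical path: exists only on the ordering box
PUB="$WORK/web_tier.pub"        # hypothetical path: the only key the web tier has

# Ordering box: generate the pair once and export just the public half.
make_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$PRIV" 2>/dev/null
    chmod 600 "$PRIV"
    openssl pkey -in "$PRIV" -pubout -out "$PUB"
}

# Web tier: RSA-OAEP encrypt a short record, base64 it for a text column.
web_encrypt() {
    printf '%s' "$1" |
        openssl pkeyutl -encrypt -pubin -inkey "$PUB" \
            -pkeyopt rsa_padding_mode:oaep | openssl base64 -A
}

# Ordering box: decrypt a stored value with the private key.
order_decrypt() {
    printf '%s' "$1" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$PRIV" -pkeyopt rsa_padding_mode:oaep
}

# Check: the key material present on the web tier must not be able to decrypt.
web_tier_can_decrypt() {
    printf '%s' "$1" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -pubin -inkey "$PUB" \
            -pkeyopt rsa_padding_mode:oaep >/dev/null 2>&1
}

make_keys
record='4111111111111111|12/04'    # constructed sample: standard test PAN, made-up expiry
stored=$(web_encrypt "$record")    # this string is what goes into the db
echo "stored value: $(printf '%s' "$stored" | cut -c1-32)..."
echo "ordering box reads: $(order_decrypt "$stored")"
if web_tier_can_decrypt "$stored"; then
    echo "web tier CAN decrypt (misconfigured)"
else
    echo "web tier cannot decrypt"
fi
```

OAEP padding is randomized, so the same card number encrypts to a different stored value each time and the column cannot be used for lookups or duplicate detection. Direct RSA encryption also limits the record to a couple of hundred bytes with a 2048-bit key, which is enough for a card number and expiry but not for arbitrary form data.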