Date: Fri, 31 May 2002 12:41:55 -0500 (CDT) From: Sean Farley <sean-freebsd@farley.org> To: Scott Gerhardt <scott@gerhardt-it.com> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Web site security questions Message-ID: <20020531123840.Y7412-100000@thor.farley.org> In-Reply-To: <B91A6223.94B%scott@gerhardt-it.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 29 May 2002 10:46, Scott Gerhardt wrote: > Just a basic suggestion: > > If you want to store passwords you can do a few things to make it more > difficult for the evil to steal them. > > Besides encrypting the DB entries you could limit potential exposure > by doing something as simple as separating the card numbers as several > different entries in separate tables/databases. You can also store the > personal information that is require for authentication (expiry date > and name) in different locations as well. I guess this could be > called low-tech obfuscation. > > By doing this, the potential hacker will have to breach several DB's > and then have to figure out how to assemble the pieces to make a valid > credit card. You could also make it more difficult by adding bogus > entries in the DB to confuse the hacker even further ;-) Since I am not a masochist, I will refrain from these methods. :) Sean ----------------------- sean-freebsd@farley.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020531123840.Y7412-100000>