From: Sean Farley
Date: Fri, 31 May 2002 12:41:55 -0500 (CDT)
To: Scott Gerhardt
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Web site security questions
Message-ID: <20020531123840.Y7412-100000@thor.farley.org>

On Wed, 29 May 2002 10:46, Scott Gerhardt wrote:

> Just a basic suggestion:
>
> If you want to store passwords you can do a few things to make it more
> difficult for the evil to steal them.
>
> Besides encrypting the DB entries you could limit potential exposure
> by doing something as simple as separating the card numbers as several
> different entries in separate tables/databases. You can also store the
> personal information that is required for authentication (expiry date
> and name) in different locations as well. I guess this could be
> called low-tech obfuscation.
>
> By doing this, the potential hacker will have to breach several DB's
> and then have to figure out how to assemble the pieces to make a valid
> credit card. You could also make it more difficult by adding bogus
> entries in the DB to confuse the hacker even further ;-)

Since I am not a masochist, I will refrain from these methods. :)

Sean
-----------------------
sean-freebsd@farley.org