Date: Tue, 07 Sep 2004 14:18:19 +0100
From: Peter Risdon <peter@circlesquared.com>
To: FreeBSD Mail Lists <freebsd@untoldfaith.com>
Cc: Questions <freebsd-questions@freebsd.org>
Subject: Re: Update Databases from Webserver
Message-ID: <413DB51B.6020804@circlesquared.com>
In-Reply-To: <20040906233205.H1926@skutsje.san.webweaving.org>
References: <32b19d296fd997fbb8e7d362d85321ef@untoldfaith.com> <20040906233205.H1926@skutsje.san.webweaving.org>
> On Mon, 6 Sep 2004, FreeBSD Mail Lists wrote:
>
>>I would like to see how other people are updating backend databases
>>(postgresql on FreeBSD, internal network) from a webserver (apache,php
>>on FreeBSD, dmz network) through a firewall. Pretty much what I am
>>trying to learn is how to take private information (credit card numbers,
>>etc.) and write it to a backend database without leaving any huge holes
>>for hacking. Should this be done or am I barking up the wrong tree,

I'm afraid the awful truth is that if you need to ask this question here, you shouldn't be storing other people's credit card details on your server.

You don't say why you'd want to do this. If you want to allow customers of an e-commerce site to avoid repeating their details whenever they want to buy, perhaps consider basing the payment backend around PayPal. The need for users to authenticate in order to make a payment hasn't brought e-Bay to its knees.

If you want to use the numbers to confirm identity or something, you could store an encrypted version of the number and use that for comparison.

But to start storing plaintext CC details on your system without being deeply expert in all the security issues raised would be very dangerous. And the high degree of monitoring needed for such a system would make it uneconomical without commensurately high volumes of business.

Peter.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?413DB51B.6020804>
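
The "store a protected version of the number and use that for comparison" suggestion in the message above, as an added example that is not part of the original e-mail. It swaps reversible encryption for a keyed one-way HMAC-SHA256 token, so the database holds something that can be compared but not decrypted; the key, the function names and the card numbers (published test numbers) are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed key for this example only. In a real deployment it is loaded
# from a secret store on the web tier and never written to the database.
EXAMPLE_KEY = bytes(range(32))

def normalize_pan(raw: str) -> str:
    """Strip spaces and dashes; accept only 12 to 19 ASCII digits."""
    digits = raw.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit() and 12 <= len(digits) <= 19):
        raise ValueError("not a card number")
    return digits

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def pan_token(raw: str, key: bytes) -> str:
    """Keyed digest of the card number. Card numbers have so little entropy
    that an unkeyed hash can be enumerated; the secret key prevents that."""
    digits = normalize_pan(raw)
    if not luhn_ok(digits):
        raise ValueError("failed Luhn check")
    return hmac.new(key, digits.encode("ascii"), hashlib.sha256).hexdigest()

def record_for_storage(raw: str, key: bytes) -> dict:
    """What goes to the backend: the token plus last four digits for display."""
    return {"token": pan_token(raw, key), "last4": normalize_pan(raw)[-4:]}

def matches(raw: str, stored_token: str, key: bytes) -> bool:
    """Compare a presented number with a stored token in constant time."""
    try:
        candidate = pan_token(raw, key)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, stored_token)

if __name__ == "__main__":
    rec = record_for_storage("4111 1111 1111 1111", EXAMPLE_KEY)
    print(rec["last4"], matches("4111-1111-1111-1111", rec["token"], EXAMPLE_KEY))
```

With this layout a dump of the backend table exposes tokens and last-four digits only; the full number is never written anywhere.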