From owner-freebsd-questions@FreeBSD.ORG Tue Sep 7 14:49:15 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9041616A4DF for ; Tue, 7 Sep 2004 14:49:15 +0000 (GMT) Received: from mail.redinsight.com (h-64-105-153-10.dnvtco56.covad.net [64.105.153.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E3FB43D2F for ; Tue, 7 Sep 2004 14:49:14 +0000 (GMT) (envelope-from freebsd@untoldfaith.com) Received: from localhost by mail.redinsight.com (Merak 7.5.2) with SMTP id GPA74531; Tue, 07 Sep 2004 08:49:14 -0600 Date: Tue, 07 Sep 2004 08:49:14 -0600 From: "FreeBSD Mail Lists" To: Questions Message-ID: <9c08c42717771b148b9fed3e1aa1f7d2@untoldfaith.com> X-Mailer: IceWarp Web Mail 5.3.0 X-Originating-IP: 64.215.224.212 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: Peter Risdon Subject: Re: Update Databases from Webserver X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Sep 2004 14:49:15 -0000 Peter, Thanks for your response. In response to > You don't say why you'd want to do this. If you want to allow customers > of an e-commerce site to avoid repeating their details whenever they > want to buy, perhaps consider basing the payment backend around PayPal. > The need for users to authenticate in order to make a payment hasn't > brought e-Bay to its knees. Pretty much the end result would be Amazon like with the customer being able to choose a previously used card. Is this possible without storing credit card numbers or using paypal? Anyway thanks everyone for their replies thus far any input helps. -Troy -----Original message----- From: Peter Risdon peter@circlesquared.com Date: Tue, 7 Sep 2004 07:18:22 -0600 To: FreeBSD Mail Lists freebsd@untoldfaith.com Subject: Re: Update Databases from Webserver > I'm afraid the awful truth is that if you need to ask this question > here, you shouldn't be storing other people's credit card details on > your server. > > > If you want to use the numbers to confirm identity or something, you > could store an encrypted version of the number and use that for comparison. > > But to start storing plaintext CC details on your system without being > deeply expert in all the security issues raised would be very dangerous. > And the high degree of monitoring needed for such a system would make it > uneconomical without commensurately high volumes of business. > > Peter.