Date:      Mon, 6 Sep 2004 23:38:10 -0700 (PDT)
From:      Dirk-Willem van Gulik <dirkx@webweaving.org>
To:        FreeBSD Mail Lists <freebsd@untoldfaith.com>
Cc:        Questions <freebsd-questions@freebsd.org>
Subject:   Re: Update Databases from Webserver
Message-ID:  <20040906233205.H1926@skutsje.san.webweaving.org>
In-Reply-To: <32b19d296fd997fbb8e7d362d85321ef@untoldfaith.com>
References:  <32b19d296fd997fbb8e7d362d85321ef@untoldfaith.com>



On Mon, 6 Sep 2004, FreeBSD Mail Lists wrote:

> I would like to see how other people are updating backend databases
> (postgresql on FreeBSD, internal network) from a webserver (apache,php
> on FreeBSD, dmz network) through a firewall.  Pretty much what I am
> trying to learn is how to take private information (credit card numbers,
> etc.) and write it to a backend database without leaving any huge holes
> for hacking.  Should this be done or am I barking up the wrong tree,
> should there be an intermediary step?  I have been trying to find
> information books/web that gives a real nuts and bolts way of trying to
> do this stuff and am not having a lot of luck.  Any pointers books or
> sites would be appreciated.

First thing to consider - do you -have- to store things like credit card
numbers? Most clearing houses can be negotiated with on-line; during the
transaction and all you need to capture is an authorization ack. That
already makes things a lot safer.

Secondly - carefully consider what you need to have on your webserver; do
you really have to store a name/address there long term; or is a login and
some preferences enough?

Thirdly consider making the flow a one way street: using things like a PGP
email with just the public key on the web server; i.e. shunt any private
information into an encrypted email - send it to your systems in-house;
and only have the decryption key behind the firewall; and thus only
keeping the bare essentials on your server.

Dw
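
The one-way flow suggested in the third point above, as an added example that is not part of the original message: the web server holds only a public key, so it can encrypt a record for the in-house system but cannot read it back. It uses PHP's libsodium sealed boxes as a stand-in for PGP; the function names, record fields and mail address are assumptions made up for the illustration.

```php
<?php
// Added illustration, not code from the original message.
// libsodium sealed boxes are used here in place of PGP; all names and
// sample values below are constructed.

// In-house, behind the firewall: generate the keypair once.
// Only $publicKey is ever copied to the DMZ web server.
$keypair   = sodium_crypto_box_keypair();
$publicKey = sodium_crypto_box_publickey($keypair);

// DMZ web server: has $publicKey only, so it can seal but never open.
function seal_order(array $order, string $publicKey): string
{
    $plaintext = json_encode($order, JSON_THROW_ON_ERROR);
    return base64_encode(sodium_crypto_box_seal($plaintext, $publicKey));
}

// In-house: the full keypair is required to open the message.
function open_order(string $armored, string $keypair): array
{
    $sealed = base64_decode($armored, true);
    if ($sealed === false) {
        throw new RuntimeException('not valid base64');
    }
    $plaintext = sodium_crypto_box_seal_open($sealed, $keypair);
    if ($plaintext === false) {
        throw new RuntimeException('wrong key or modified message');
    }
    return json_decode($plaintext, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed sample record (4111... is a test number, not a real card).
$order   = ['order_id' => 'TEST-0001', 'pan' => '4111111111111111'];
$message = seal_order($order, $publicKey);
// On the web server the sealed text would be mailed and not stored, e.g.
// mail('orders@internal.example', 'order TEST-0001', $message);

// In-house side recovers the record.
var_dump(open_order($message, $keypair) === $order);

// Anyone without the in-house secret key (here: a different keypair)
// gets nothing back, and a modified message is rejected as well.
foreach ([[$message, sodium_crypto_box_keypair()],
          [base64_encode(strrev(base64_decode($message))), $keypair]] as [$m, $k]) {
    try {
        open_order($m, $k);
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```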


