Date: Wed, 29 May 2002 10:46:59 -0600
From: Scott Gerhardt <scott@gerhardt-it.com>
To: Sean Farley <sean-freebsd@farley.org>, Justin Lundy <jbl@subterrain.net>
Cc: <freebsd-isp@FreeBSD.ORG>
Subject: Re: Web site security questions
Message-ID: <B91A6223.94B%scott@gerhardt-it.com>
In-Reply-To: <20020529105505.W92401-100000@thor.farley.org>

Just a basic suggestion:

If you want to store passwords you can do a few things to make it more difficult for the evil to steal them. Besides encrypting the DB entries you could limit potential exposure by doing something as simple as separating the card numbers as several different entries in separate tables/databases. You can also store the personal information that is required for authentication (expiry date and name) in different locations as well.

I guess this could be called low-tech obfuscation. By doing this, the potential hacker will have to breach several DBs and then have to figure out how to assemble the pieces to make a valid credit card. You could also make it more difficult by adding bogus entries in the DB to confuse the hacker even further ;-)

--
Scott Gerhardt, P.Geo.
Gerhardt Information Technologies [G-IT]

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
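
The split-storage layout suggested in the message above, as an added example that is not part of the original e-mail: each fragment goes into its own database under a row key that differs per store, and decoy rows are mixed in. The store names, `LINK_KEY`, and the HMAC-derived row keys are assumptions of this sketch; encrypting the stored values, which the message also recommends, is left out here.

```python
import hashlib
import hmac
import secrets
import sqlite3

LINK_KEY = secrets.token_bytes(32)  # assumption: held by the app, outside every DB
STORES = ("pan_head", "pan_tail", "holder")  # hypothetical store names


def open_stores():
    """One independent database per fragment (in-memory stand-ins here)."""
    stores = {name: sqlite3.connect(":memory:") for name in STORES}
    for db in stores.values():
        db.execute("CREATE TABLE frag (ref TEXT PRIMARY KEY, val TEXT)")
    return stores


def ref_for(store, customer_id):
    """Row key that differs per store, so dumps cannot be joined without LINK_KEY."""
    return hmac.new(LINK_KEY, f"{store}:{customer_id}".encode(), hashlib.sha256).hexdigest()


def save_card(stores, customer_id, pan, expiry, name):
    frags = {"pan_head": pan[:8], "pan_tail": pan[8:], "holder": f"{expiry}|{name}"}
    for store, val in frags.items():
        with stores[store] as db:  # commits on success
            db.execute("INSERT INTO frag VALUES (?, ?)", (ref_for(store, customer_id), val))


def add_decoys(stores, count):
    """Bogus rows with random refs; real rows stay findable only via ref_for()."""
    for name in ("pan_head", "pan_tail"):
        for _ in range(count):
            digits = "".join(secrets.choice("0123456789") for _ in range(8))
            with stores[name] as db:
                db.execute("INSERT INTO frag VALUES (?, ?)", (secrets.token_hex(32), digits))


def load_card(stores, customer_id):
    """Reassemble (pan, expiry, name), or None if any fragment is missing."""
    vals = {}
    for store in STORES:
        ref = ref_for(store, customer_id)
        row = stores[store].execute("SELECT val FROM frag WHERE ref = ?", (ref,)).fetchone()
        if row is None:
            return None
        vals[store] = row[0]
    expiry, name = vals["holder"].split("|", 1)
    return vals["pan_head"] + vals["pan_tail"], expiry, name
```

Someone holding all three database dumps but not `LINK_KEY` sees unrelated row keys in each store and cannot tell real fragments from decoys by key alone; the split adds nothing once the application host and its key are compromised.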