Reply to Re: [PHP] Storing CCN's Again...

Your name:

Reply:


Posted by Tony Di Croce on 02/08/05 18:37

I AM going to accept CC's on my site. I am NOT going to store them
anywhere... and I DO think the original question is valid. If a hacker
is able to gain root access they may be able to obtain a CCN from
memory on my server... Perhaps a hacker breaks into a number of sites
and harvests 1 or 2 numbers from each a day... It is not nearly as bad
as having someone get full access to all the CCN's you have stored in
DB (if you were dumb enough to do that), but it could still cause lots
of problems...

So, it doesn't seem like anyone is aware of a way to make PHP paranoid
about such things... Perhaps their is a lower level way to get linux
to scrub an address space when a process exits? I will google....


On Tue, 08 Feb 2005 10:57:16 -0500, trlists@clayst.com
<trlists@clayst.com> wrote:
> On 8 Feb 2005 Jochem Maas wrote:
>
> > don't agree - I'd rather be cautious on a hunch, especially given that I
> > have no means to personally verify the risk other than in terms of total
> > financial ruin if a real problem occurs even once. besides its a moot point
> > there is no need to handle creditcard info in 99.99999999999% of all cases
> > (the rest being covered by amazons,paypals,etc)
>
> Well OK, there is no urgent *need*. But accepting credit cards is a
> valid and useful approach for many sites. The worst-case imagined
> distasters do not make this less true.
>
> I cannot verify in advance that a car driven by a drunk driver will not
> drive down my street at the moment I walk out of the house, hit me on
> the sidewalk, and kill me. I do not *need* to leave my house in most
> cases, I could order almost everything I need to be delivered. But it
> still does not make sense to stay in the house all the time (and there
> are other dangers there anyway).
>
> The possibility of catastrophic consequences which you cannot control
> is not a reason to always opt for the most cautious possible approach.
> However I would agree it is a reason to thoughtfully assess the risks
> and make a choice.
>
> > then again there are +-2billion people with limited/no access to running water...
> > maybe we shouldn't blow the CCN thing out of proportion :-/
>
> Good point.
>
> --
> Tom
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


--
Send REAL USPS letters from the Web!
http://www.quickymail.com

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация