[nycphp-talk] client doesn't want security: what to do?
David Mintz
dmintz at davidmintz.org
Thu Jan 8 13:00:24 EST 2004
On Wed, 7 Jan 2004 bpang at bpang.com wrote:
> I don't think you've yet given away the identity of the potentially
> insecure website.
I suppose not. Bottom line: if my account or if the root account on the
server were compromised, people could steal credit card numbers (although
not the names of the owners or expiration dates) from the mysql database
where they are stored, and that could be a Bad Thing, it seems to me;
whereas if the numbers were being PGP/GPG-encrypted at https request time,
the Bad Guys would have to be immensely powerful and talented to steal
this information
Thanks to all for the nourishing food for thought.
---
David Mintz
http://davidmintz.org/
"Anybody else got a problem with Webistics?" -- Sopranos 24:17
More information about the talk
mailing list