Reza - Voipernetics wrote:
Hello Duane:
As this is more of a technical discussion, lets stick to the technical
side of things, versus philosophical differences, speculations of what
someone else did on their resumes and cost versus benefits analysis.
" I the attacker has physical access to the box they could also employ
techniques to cool the RAM chips and then pull the data off them. " --
Very true! And all the more, more important to find some sort of
encryption level protection.
My point was, just because someone claims something, it doesn't make it so.
Or to put it another way, just because someone claims it's possible with
an apache module *might* make recovery more difficult, although highly I
doubt it, since even C code can be decompiled into ASM, or easier still
just run 'strings' against the binary to pull out text info.
If it were me, and I've done this in the past, I outsource handling of
CC info to a payment gateway company and make storing and protecting the
data their problem.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Global Communication for the 21st Century
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
