On Tuesday 14 May 2002 10:28 am, Jeff Lasman wrote:
> duncan gray wrote:
> > I'm guessing that you would need something along this
> > line.
> >
> > An SSL certificate for encrypting server - client
> > communication.
> > Encrypted DB.
> > A firewall.
> >
> > Is there anything else?
>
> A secure way of getting the details off the system and into the hands of
> someone. Either a secure (pgp/gpg) email system, OR a procedure for
> sending the information to an email account on the box that you read
> through webmail over a secure connection, or some other way of reading
> the credit card information over a secure connection.

No, *don't* store the info in a mail spool on the server unencrypted.

> And how about a procedure in place to get those credit card numbers OFF
> the system on a regular basis so if it is hacked, you won't end up on
> the six-o'clock news.

Again, store and pop (deleting from the server) encrypted.
When they get to the client, they are still safe as they are encrypted.

-- 
Gerald Waugh
http://www.frontstreetnetworks.com :: Phone. [011] 203.785.0699
Front Street Networks LLC | SOHO Networks & Web Site Hosting
229 Front Street, Ste. #C, New Haven, CT, 06513-3203 United States

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
