At 8:07 AM -0700 6/4/03, Sunder wrote:
>Depends on how it gets passed from the web servers to that computer. If
>it's encrypted with a public key on the web server that only the database
>has the private half, you're safe from someone sniffing that "proprietary
>one-way interface."
>
>However, if someone's already broken into the web server, they can collect
>the cc:'s before they get sent to the secure db.
>
>So if you're an old Amazon customer and don't change your CC >BEFORE<
>someone hacks into their web server, you're safe.
>
>It's certainly better than storing all CC's on the web server.
>
>Now if those CC's are in raw text on the DB end, Amazon is up shit's creek
>if someone walks away with a db dump, backup tape, or whatever.
>
>....
>
>However, this is in a lot of ways MORE secure than handing that waiter or
>store clerk your CC. Remember that nice yellow slip has your signature,
>CC number and expiration date on it. Very useful for an attacker.
>In fact, they likely had physical access to the CC and have that extra 3
>digit # on the back too.
>
>...
>
>I feel safer with Amazon's use of my CC than the above, don't you?

Well, I've only ordered from Amazon 2 or 3 times since they've been in
business. Having my CC on file gives a much longer exposure time than the
brief periods of time it would be "in transit". So, no, I don't feel much
safer. The $50 limit on unauthorized charges is what makes me feel safer.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz       | Due process for all | Periwinkle -- Consulting
(408)356-8506     | used to be the      | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.       | Los Gatos, CA 95032, USA