On Mon, 6 Sep 2004, FreeBSD Mail Lists wrote:
> I would like to see how other people are updating backend databases
> (postgresql on FreeBSD, internal network) from a webserver (apache, php
> on FreeBSD, dmz network) through a firewall. Pretty much what I am
> trying to learn is how to take private information (credit card numbers,
> etc.) and write it to a backend database without leaving any huge holes
> for hacking. Should this be done or am I barking up the wrong tree;
> should there be an intermediary step? I have been trying to find
> information (books/web) that gives a real nuts-and-bolts way of trying to
> do this stuff and am not having a lot of luck. Any pointers to books or
> sites would be appreciated.

First thing to consider: do you -have- to store things like credit card numbers? Most clearing houses can be negotiated with on-line, during the transaction, and all you need to capture is an authorization ack. That already makes things a lot safer.

Secondly, carefully consider what you need to have on your webserver; do you really have to store a name/address there long term, or is a login and some preferences enough?

Thirdly, consider making the flow a one-way street, using things like a PGP email with just the public key on the web server; i.e. shunt any private information into an encrypted email, send it to your systems in-house, and only have the decryption key behind the firewall, thus only keeping the bare essentials on your server.

Dw

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
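The third suggestion in the reply above (a one-way hand-off where the DMZ web host holds only the back-office public key and the decryption key stays inside) as an added shell example. This is not code from the thread, from FreeBSD or from the poster; it assumes GnuPG is installed on the web host, that the back-office public key has already been imported into that host's keyring, that a local sendmail accepts mail for the internal network, and the recipient key id and mailbox are hypothetical placeholders. The guard at the top is the check a practitioner wants: if a secret key ever turns up on the DMZ host, the one-way property is gone, so the script refuses to run.

```shell
#!/bin/sh
# One-way hand-off of a captured record from the DMZ web host to the internal
# network (added example, not from the original thread).
# Assumptions: gpg is installed; the back-office PUBLIC key is in this host's
# keyring; no secret key is, and must never be, on this host.

# Refuse to run if a secret key is present on this host: the whole point is
# that the web server cannot decrypt anything it has already sent.
assert_no_secret_keys() {
    if gpg --batch --list-secret-keys --with-colons 2>/dev/null | grep -q '^sec:'; then
        echo "refusing: a secret key is present on this host" >&2
        return 1
    fi
    return 0
}

# Encrypt stdin to the recipient given as $1 (user id or fingerprint) and
# print ASCII-armoured ciphertext. --trust-model always is needed because
# the DMZ keyring has no secret key with which to certify the recipient key;
# pin the key by fingerprint in production instead of relying on a user id.
encrypt_record() {
    gpg --batch --quiet --armor --trust-model always --encrypt --recipient "$1"
}

# Encrypt the record on stdin for key $1 and mail the ciphertext to the
# internal mailbox $2. The cleartext only ever exists in this pipe; it is
# never written to disk on the web host.
ship_record() {
    assert_no_secret_keys || return 1
    {
        printf 'To: %s\nSubject: captured order record\n\n' "$2"
        encrypt_record "$1"
    } | /usr/sbin/sendmail -t
}

# Typical call from the request handler (placeholder key id and mailbox):
#   printf 'order=1234\ncard=...\n' | ship_record backoffice@example.invalid orders@internal.example.invalid
```

Two things the script does not buy you: the record still passes through the web server's memory in the clear before gpg sees it, so the TLS front end and the handler itself remain in scope for an attacker, and the internal side must rate-limit and validate what it decrypts, since a compromised web host can still inject arbitrary (encrypted) records into the queue.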