On Feb 9, 2004, at 6:27 PM, Alvaro Zuniga wrote: > Hi Shannon: > This is the reason I am inquiring about this before I reply to this > requres. I do not want to compromise the security of the data and I > think this is as far as I can go saving CC info. It is already bad > enough to know that the data is as secure as the passphrase but I > guess that is not my problem, is it? I should probably look further > into the limits of the liability. > > What's a good place written in the cookbook fashion to chack on that? >
Personally, I have no idea where to find good info on this sort of thing. Unless of course you "Ask Slashdot" :-) But then again, you would get lots of the same stuff, and no real useful information. Is this a web business? As in, are customers coming to there website and placing orders? Or is this just a records keeping tool that is used internally in the company for the salespeople? I would think this would make a vast difference. Personally, I would find an attorney that would consult you on the issues for a reasonable amount. Shannon > > thanks, > > Alvaro Zuniga > > Shannon Roddy wrote: >> On Feb 9, 2004, at 5:54 PM, Jim Carter wrote: >>> What's the URL? >>> >>> Jim >> Yeah, we could all get rich overnight.... >> One other thing to think about though if you are acting as a >> consultant to this person and the CC #s get stolen, you may have some >> liability on your hands. IANAL but I would be hesitant to do this >> without checking into the limits of the liability. >> Shannon >>> >>> -----Original Message----- >>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On >>> Behalf Of Alvaro Zuniga >>> Sent: Monday, February 09, 2004 5:19 PM >>> To: [email protected] >>> Subject: [brlug-general] Securing Database Information >>> >>> >>> Hello everyone: >>> I have a question regarding saving credit card information to a >>> database. This is what I normally do although my preference is not >>> to do >>> >>> it at all of course: >>> >>> 1. use a SSL connection >>> 2. encrypt with a passphrase obtained from the user >>> 3. send the encrypted data to a database and then using something >>> further like ENCODE in the case of MySQL. >>> >>> Then, to show data to the user I reverse the process. >>> >>> My question is: what is the safest way if any, to obtain critical >>> data >>> from multiple users and show this data to others. This data will be >>> internet accessible on a shared hosting environment. >>> >>> This is for someone who insists in having the credit card >>> information on >>> >>> the database, against my advise and who knows why. I figured using >>> encryption would take care of that but it is limited to one user or >>> at >>> least one user knowing the passphrase. Now this application needs to >>> be >>> expanded to have multiple sale representatives. How do I go about >>> that! >>> >>> Thank you for your help. >>> >>> Alvaro Zuniga >>> >>> >>> _______________________________________________ >>> General mailing list >>> [email protected] http://brlug.net/mailman/listinfo/general_brlug.net >>> >>> >>> _______________________________________________ >>> General mailing list >>> [email protected] >>> http://brlug.net/mailman/listinfo/general_brlug.net >>> >> -- >> Shannon Roddy >> LIGO - Caltech >> 225.686.3106 (work) >> 225.933.7821 (cell) >> [EMAIL PROTECTED] >> _______________________________________________ >> General mailing list >> [email protected] >> http://brlug.net/mailman/listinfo/general_brlug.net > > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net > -- Shannon Roddy LIGO - Caltech 225.686.3106 (work) 225.933.7821 (cell) [EMAIL PROTECTED]
