Re: need advice about security

Tue, 16 Jan 2001 10:40:55 -0800 

Run a program behind a password protected area on the secure server. Have 
the program dump the data as a delimited text file and import it.  Your 
using SSL to protect both the access (username and passsword) and the 
data this way.  If you want to use pgp, dump to file and encrypt and then 
pick up with ftp.


On Fri, 12 Jan 2001, Robyn Renwick wrote:

> Date: Fri, 12 Jan 2001 21:21:17 -0800
> From: Robyn Renwick <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: need advice about security
> 
> 
> Hi everyone,
> 
> I use a MySQL database for the back end of our e-commerce site.  We take
> credit as one method of payment and the last 8 digits of the card number
> are stored in the database.  There is a web interface to the database from
> which I can get order information, but not the card number. I also can
> access the database through a MyODBC connection and MyAccess.  
> 
> In order to proceed with invoicing, I need to retrieve the card
> number (all 16 digits).  I can think of a couple of ways to do this:
> 
> 1. Change the web interface to include the card number.
> 
> 2. Bring the information into Access through the ODBC connection.
> 
> 3. Have the card number encrypted and sent through email, using PGP
> (this is the way we did it on our old system).
> 
> There may be others which I am not thinking of also.  Which method would be
> the most secure, or is there a better and more secure method which I
> haven't mentioned?  Any suggestions would be greatly appreciated.
> 
> take care,
> robynr
> 
> 
> 
> 
> Robyn Renwick, CPST (NIC 1998)
> Programmer, Buckingham Stencils, Inc.
> 
> 
> 
> 
> 
> 
> Robyn Renwick, CPST (NIC 1998)
> Programmer, Buckingham Stencils, Inc.
> 
> 
> 
> 
> ---------------------------------------------------------------------
> Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
> 
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
> 

Sincerely,

William Mussatto, Senior Systems Engineer
CyberStrategies, Inc
ph. 909-920-9154 ext. 27


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to