On Fri, April 21, 2006 5:09 am, Jochem Maas wrote:
> Nicolas Verhaeghe wrote:
> get ready for a 'Richard Lynching' with regard to the CC statement.
> ;-)

Oh, let's do the children's version today. :-)

You know that game Hot Potato?

Yeah?

Good.

A CC # is just like the Hot Potato in that game.

You do NOT want it in your hands a nano-second longer than it has to be.

[subtle shift to adult computer design version]

You certainly don't want to put it into anything like permanent
storage like your database or on your hard drive!

You want to hand it off to your Merchant Account API ASAP!, and you
want to ERASE that CC number from your memory banks *FOREVER* as
totally wiped out gone forever as you can.

If you could, you'd like to apply a Stun Gun right to that portion of
RAM and just WASTE the 16 bytes into a burned-out shell of useless
nano-circuitry...

Okay, that's a little extreme (and impossible) but it is not that far
off from the desired philosophical goal.

Every beginner on the planet seems to make this mistake, at least in
their initial design.

I know quite a few have made it all the way past development,
implementation, review, launch, and long-term usage!

Some guys are shaking their heads in denial on this, but I swear to
god, I have seen it.  I am not making this [bleep] up.  Credit card
numbers have been sitting for YEARS in some boutique home-rolled
shopping cart system MySQL database with the oh-so-clever
username/password of nobody/nobody or www/www.

Hell, I'll even posit that SOME have managed to configure MySQL with %
access for the hostname -- Though I personally have never seen that.

I can only hope that my continued (and freely-admitted annoying) rant
on this topic stops at least ONE beginner from making this mistake.

Cuz god knows somebody on this list was kind enough to stop ME a
decade ago when I was about to do it, and it's foolish, incredibly
risky, and carries penalties beyond comprehension.

Thanks.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
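The hand-off-then-erase rule from the post, as an added PHP example (not code from the post or the list). The gateway call `chargeViaGateway` is a hypothetical placeholder for a real merchant account API; the input array is constructed.

```php
<?php
// Added illustration; chargeViaGateway is a placeholder for a real merchant API.

/**
 * Hands the card number to the gateway at once and keeps only what the shop
 * needs afterwards (gateway token + last four digits). The PAN never goes to
 * the database, the session or a log line.
 */
function takePayment(array &$post, callable $chargeViaGateway): array
{
    $pan = preg_replace('/\D/', '', $post['cc_number'] ?? '');
    if (!preg_match('/^\d{13,19}$/', $pan) || !luhnValid($pan)) {
        throw new InvalidArgumentException('card number failed format check');
    }
    $amount = (int) ($post['amount_cents'] ?? 0);

    // Hot potato: hand it off right away; only the gateway's answer is kept.
    $response = $chargeViaGateway($pan, $post['cc_exp'] ?? '', $amount);

    $record = [
        'gateway_token' => $response['token'], // reference for refunds, not a PAN
        'last4'         => substr($pan, -4),    // enough for receipts
        'amount_cents'  => $amount,
    ];

    // Best-effort erasure: PHP strings are copy-on-write, so overwriting cannot
    // guarantee the bytes leave RAM, but dropping every reference keeps the
    // number out of var_dump(), stack traces and the caller's request array.
    $pan = str_repeat('0', strlen($pan));
    unset($pan, $post['cc_number']);

    return $record;
}

function luhnValid(string $digits): bool
{
    $sum = 0; $alt = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($alt) { $d *= 2; if ($d > 9) { $d -= 9; } }
        $sum += $d; $alt = !$alt;
    }
    return $sum % 10 === 0;
}

// Constructed usage with a stand-in gateway that only returns a token.
$input = ['cc_number' => '4111 1111 1111 1111', 'cc_exp' => '12/27', 'amount_cents' => '1999'];
$saved = takePayment($input, fn($pan, $exp, $amt) => ['token' => 'tok_example']);
// $saved holds gateway_token and last4 '1111'; $input no longer holds the PAN.
```

Store only `$saved`; if a PAN must cross a log or error handler boundary before the hand-off, that boundary is the bug to fix, not the storage.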
