Lawrence D'Oliveiro wrote: > In message <[EMAIL PROTECTED]>, Steve > Holden wrote: > > >>Credit card numbers should be encrypted in the database, of course, but >>they rarely are (even by companies whose reputations imply they ought to >>know better). > > > How would encryption help? They'd still have to be decrypted to be used.
Indeed they would, but with proper key management the probability that they can be stolen from a database in their plaintext form is rather lower. Just last week a police employee in my class told us of an exploit where a major credit card copmany's web site had been hacked using a SQL injection vulnerability. This is usually done with the intent of gaining access to credit card data. regards Steve -- Steve Holden +44 150 684 7255 +1 800 494 3119 Holden Web LLC/Ltd http://www.holdenweb.com Skype: holdenweb http://holdenweb.blogspot.com Recent Ramblings http://del.icio.us/steve.holden -- http://mail.python.org/mailman/listinfo/python-list