Orson Jones wrote:
> https is perfectly fine. The thing that worries me is what happens after it hits
> the server. (is it stored in an unencrypted format, is it stored longer than
> necessary, is it transmitted elsewhere securely? etc.)
> Orson

I agree. However, if encrypted properly in the database, is there a
"longer than necessary"? Once on their server, perhaps it's less secure
to have to request the card number again than to keep the number
encrypted on the server.
Brandon Stout
http://mscis.org
_______________________________________________
UPHPU mailing list
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net