On 6/2/06, Bill Barker <[EMAIL PROTECTED]> wrote:
TC 3.3.x had an optional module to do this. It never got ported.
I generally agree with most of the people that say that this is the least of
your problems. If you are usings a self-signed cert, then you are just
getting what you deserve. Otherwise, you simply contact the CA and revoke
the cert: At least this problem solved :). Now, how to deal with the fact
that the hacker just uploaded 10,000 credit-card numbers, since my jdbc
password was in the clear :).
Actually you are not allowed to save credit card numbers unless you
are a certified payment provider (which implies major security
constraints).
Even a certified payment provider is not allowed to store cvc codes,
and without the codes the credit card numbers are useless. (amazon of
course is an exception to this rule...)
However, if you saving cc-numbers or bank accounts or any other
payment related data in your database unencrypted you belong in jail
:-)
But please feel free to tell us that you are doing one of the above,
so we know which sites to avoid :-)
regards
leon
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
