Re: A question of security

One thing jumps out at me from your description. I'd be wary of storing the credit card information in the database, even temporarily and even encrypted. You haven't said who can see that database, but some of your comments sound like some people can, and that the number is growing.

I'd suggest you get some in-house review of this if you can. We can comment more if you publish the code here, but you should show it to people with some responsibility to your company, too.

After Compline,
Zaxo

Comment on Re: A question of security

Replies are listed 'Best First'.
Re^2: A question of security by ropey (Hermit) on Mar 21, 2005 at 10:13 UTC
Hi Zaxo Yes in a ideal world I would agree, I am unfortunately stuck in a bad situation as I would ideally have some online payment gateway to use but thats not the case and the powers that be are happy. With access to the database, thats locked down pretty tight and everything is encrypted so I dont think thats a real risk, the risk is the users who have access to the billing system but thats the same for many other systems as well that staff can view users details... I just want to reduce the risk as much as I can	[reply]

Replies are listed 'Best First'.

Re^2: A question of security
by ropey (Hermit) on Mar 21, 2005 at 10:13 UTC

[reply]