Update Databases from Webserver
Peter Risdon
peter at circlesquared.com
Tue Sep 7 06:19:01 PDT 2004
> On Mon, 6 Sep 2004, FreeBSD Mail Lists wrote:
>
>
>>I would like to see how other people are updating backend databases
>>(postgresql on FreeBSD, internal network) from a webserver (apache,php
>>on FreeBSD, dmz network) through a firewall. Pretty much what I am
>>trying to learn is how to take private information (credit card numbers,
>>etc.) and write it to a backend database without leaving any huge holes
>>for hacking. Should this be done or am I barking up the wrong tree,

I'm afraid the awful truth is that if you need to ask this question
here, you shouldn't be storing other people's credit card details on
your server.

You don't say why you'd want to do this. If you want to allow customers
of an e-commerce site to avoid repeating their details whenever they
want to buy, perhaps consider basing the payment backend around PayPal.
The need for users to authenticate in order to make a payment hasn't
brought eBay to its knees.

If you want to use the numbers to confirm identity or something, you
could store an encrypted version of the number and use that for comparison.

But to start storing plaintext CC details on your system without being
deeply expert in all the security issues raised would be very dangerous.
And the high degree of monitoring needed for such a system would make it
uneconomical without commensurately high volumes of business.

Peter.
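
An added example, not part of the original message: one way to keep a comparison-only form of a card number in PHP, the web tier named in the question. It uses a keyed hash (HMAC-SHA256) rather than reversible encryption, because card numbers come from a small space and an unkeyed hash of one can be brute-forced. The function names and the demo key handling are assumptions made for illustration.

```php
<?php
// Added example: keyed fingerprint of a card number, for equality checks only.
// Assumption: the key lives outside the database (for example in the web
// server's environment), so a database dump alone cannot be brute-forced.

function luhn_ok(string $digits): bool
{
    // Standard Luhn checksum: double every second digit from the right.
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) { $d -= 9; }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

function normalize_pan(string $input): string
{
    // Strip spaces and dashes so differently formatted input compares equal.
    $pan = preg_replace('/[\s-]+/', '', $input);
    if (!preg_match('/^\d{12,19}$/', $pan) || !luhn_ok($pan)) {
        throw new InvalidArgumentException('not a valid card number');
    }
    return $pan;
}

function pan_fingerprint(string $input, string $key): string
{
    // The hex digest is what gets written to the database, never the number.
    return hash_hmac('sha256', normalize_pan($input), $key);
}

function pan_matches(string $input, string $stored, string $key): bool
{
    // hash_equals compares in constant time.
    return hash_equals($stored, pan_fingerprint($input, $key));
}

// Constructed demo: random key and published test numbers, not real cards.
$key = random_bytes(32);
$stored = pan_fingerprint('4111 1111 1111 1111', $key);
var_dump(pan_matches('4111-1111-1111-1111', $stored, $key)); // same number, other formatting
var_dump(pan_matches('5555 5555 5555 4444', $stored, $key)); // different number
```

The fingerprint cannot be turned back into the number, so it suits the identity-confirmation case only, not re-charging a stored card.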
More information about the freebsd-questions
mailing list