Update Databases from Webserver

Peter Risdon peter at circlesquared.com
Tue Sep 7 06:19:01 PDT 2004

> On Mon, 6 Sep 2004, FreeBSD Mail Lists wrote:
>>I would like to see how other people are updating backend databases
>>(postgresql on FreeBSD, internal network) from a webserver (apache,php
>>on FreeBSD, dmz network) through a firewall.  Pretty much what I am
>>trying to learn is how to take private information (credit card numbers,
>>etc.) and write it to a backend database without leaving any huge holes
>>for hacking.  Should this be done or am I barking up the wrong tree,

I'm afraid the awful truth is that if you need to ask this question 
here, you shouldn't be storing other people's credit card details on 
your server.

You don't say why you'd want to do this. If you want to allow customers 
of an e-commerce site to avoid repeating their details whenever they 
want to buy, perhaps consider basing the payment backend around PayPal. 
The need for users to authenticate in order to make a payment hasn't 
brought e-Bay to its knees.

If you want to use the numbers to confirm identity or something, you 
could store an encrypted version of the number and use that for comparison.

But to start storing plaintext CC details on your system without being 
deeply expert in all the security issues raised would be very dangerous. 
And the high degree of monitoring needed for such a system would make it 
uneconomical without commensurately high volumes of business.


More information about the freebsd-questions mailing list