Re: Security in Application
Re: Security in Application
- Subject: Re: Security in Application
- From: Chuck Hill <email@hidden>
- Date: Thu, 15 Jun 2006 16:57:33 -0700
What do you mean by "secured read/write in our database"? If someone
has hacked into your machine and has access to your DB, you have
serious problems. The first obvious step is to have the form
submitted over HTTPS. You could also encrypt the CC number in the
database, but if they can get to the database, they can probably get
to your code to reverse engineer it. The most secure way is to NOT
store the number. Make the user enter it every time, only keep it in
memory, discard it as soon as you have processed the transaction.
Short of an in-memory attack, this is pretty secure.
Chuck
(who had his card info hacked out of a crappy PHP site recently)
On Jun 15, 2006, at 4:19 PM, PS ps wrote:
Hi All,
We need to capture credit card information in our web
object application. Could anyone suggest the security
features that should be incorporated , to ensure
secured read/write in our database?
Thanks a lot!
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40global-village.net
This email sent to email@hidden
--
Coming in late 2006 - an introduction to web applications using
WebObjects and Xcode http://www.global-village.net/wointro
Practical WebObjects - for developers who want to increase their
overall knowledge of WebObjects or who are trying to solve specific
problems. http://www.global-village.net/products/practical_webobjects
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden