[thelist] Developing secure sites and waiving liability

Andy Warwick mailing.lists at creed.co.uk
Mon Jul 15 10:53:06 CDT 2002


>
> From: "Andy Warwick" <mailing.lists at creed.co.uk>
>
> > The current plan is to store the inputted credit card details in
> > plaintext in a mySQL database, so that they can be downloaded from a
> > secure link as a CSV file, then loaded into the end client's
database,
> > from where the cards can be charged using their normal systems.
>
> Why not have the script that processes the form write directly to an
> area on
> the clients already existing database... Then storage of credit card
> numbers
> is their problem.  Sounds like they already store this stuff anyway.
>
> Kristy

Because they don't have a permanent connection to the Internet and
aren't setup to take such data. :(

AFAICT, their 'current database' is a single Access database on one
machine in the office, and they don't currently store CC numbers; the
only reason for storage in this case, is to hold them until they are
processed.

This is the first time they have done anything like this and isn't meant
to be a permanent solution. Once the data is collected, the site will be
taken offline, and the file's deleted from the server/database and
stored locally.

Andy W



More information about the thelist mailing list