[thelist] Inexpensive E-Commerce

Beau Hartshorne beau at members.evolt.org
Fri Jun 22 11:27:56 CDT 2001


I'm still not very comfortable with storing a bunch of credit card
information in a database somewhere. You've convinced me that I should
really store all of the order information (sans credit card) in an SQL
database. This way if an email bounces into obliteration, my client will
know which order he did not fulfill. (I could ask him to print each order
out, put it in a binder, delete the email message, and compare the orders
in his binder to whatever's stored in the SQL database.)

What kind of security are you giving your admin sections and SQL databases
with all this credit card info? And how far away are they from the order
page? (Is it on a different server, etc.)

Beau

-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of Warden, Matt
Sent: June 22, 2001 8:58 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] Inexpensive E-Commerce

They *can't* delete an order unless they somehow get direct access to the
database. I NEVER delete orders. They can be "deleted" by the shop owner,
but that simply hides it from view in the admin section (IOW, it's still in
the database if they really need it).




