Re: after SSL
by "jssnoddy" <jss(at)abs.net>
|
| Date: |
Wed, 5 Jan 2000 00:32:57 -0500 |
| To: |
<hwg-business(at)hwg.org>,
"Keith Kaste" <kkaste(at)hotbot.com> |
| References: |
hotbot |
| |
todo: View
Thread,
Original
|
|
Keith:
The order log, or "sensitive information" should of course be located
within a protected directory on the server. The most common method of
protection is with .htaccess. However, if the log is not encrypted,
there is a slim chance that some nefarious types could hack it. The
safest bet is to store the order log on the server in some sort of
encrypted form - so if it is hacked, it will be useless. PGP can be used
for such a purpose. It is also a good idea to wipe the log off the
server as soon as possible after the transaction is completed.
HTH,
Jeff
www.cbbr.com/jssd
----- Original Message -----
From: Keith Kaste <kkaste(at)hotbot.com>
To: <hwg-business(at)hwg.org>
Sent: Tuesday, January 04, 2000 11:26 PM
Subject: after SSL
> Thanks for the informative responses. So SSL is an encryption method
for getting information from a browser to a server. My next question is:
what happens when the sensitive information is received? Say for example
a credit card number is stored in a data base on the server. Is that
credit card number in danger of being stolen from the server? How is
sensitive information protected once it gets to the server?
> Thanks,
> Keith Kaste
>
>
> HotBot - Search smarter.
> http://www.hotbot.com
>
HTML: hwg-business mailing list archives,
maintained by Webmasters @ IWA