[prev in list] [next in list] [prev in thread] [next in thread]
List: freetrade
Subject: [FreeTrade] Public, private keys
From: Kent Nguyen <kent () newyen ! com>
Date: 2000-02-26 21:11:26
[Download RAW message or body]
Storing CC in database through the use of public, private keys technology.
Not use if PHP has a function to handle this.
What I envision, on top of SSL. We can store CC plus expiration date in
database with great ease by encrypting the CC number with a public key.
The only way to decrypt it is through a private key. In essence, having a
hold of the database may render the thieves useless. It means that we
need to keep the private key in a very safe place ... perhaps in a smart
card.
Just a thought how we can secure customers data. We can rotate the public
key every so often.
Here are the list of security measures that I can think of:
1) IP logging
2) Mal formed URL logging
3) https
4) Admin account last login alert
5) 15-minutes logout after 5 unsuccessful attempts
6) encrypting CC# using a public key and put the private key somewhere
safe, like on a smart card
This is not a meant to be a solution all e-commerce security issues. The
best security is to disconnect your ethernet cable from the Internet.
That always work when you're under attack. :)
Kent Nguyen
------------------------------------------------------------
To subscribe: freetrade-on@list.working-dogs.com
To unsubscribe: freetrade-off@list.working-dogs.com
Site: http://www.working-dogs.com/freetrade/
Problems?: jon@working-dogs.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic