CGI Tutorial
Steve Holden
steve at holdenweb.com
Mon Oct 9 03:33:51 EDT 2006
Lawrence D'Oliveiro wrote:
> In message <mailman.1374.1160073684.10491.python-list at python.org>, Steve
> Holden wrote:
>
>
>>Credit card numbers should be encrypted in the database, of course, but
>>they rarely are (even by companies whose reputations imply they ought to
>>know better).
>
>
> How would encryption help? They'd still have to be decrypted to be used.
Indeed they would, but with proper key management the probability that
they can be stolen from a database in their plaintext form is rather
lower. Just last week a police employee in my class told us of an
exploit where a major credit card company's web site had been hacked
using a SQL injection vulnerability. This is usually done with the
intent of gaining access to credit card data.
regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://holdenweb.blogspot.com
Recent Ramblings http://del.icio.us/steve.holden
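
Added example, not part of the original message: a sketch of the point made in the reply above, that with the key held outside the database, reading the table yields only ciphertext. It assumes the third-party `cryptography` package; the table, column and function names are hypothetical, and the key generated in-process stands in for one supplied by a key-management service.

```python
import sqlite3
from cryptography.fernet import Fernet, InvalidToken  # third-party package (assumption)

TEST_PAN = "4111111111111111"  # constructed test number, not a real card

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (customer TEXT PRIMARY KEY, pan_enc BLOB)")
    return db

def store_card(db, cipher, customer, pan):
    # Only ciphertext reaches the database; parameters are bound, not concatenated.
    db.execute("INSERT INTO cards VALUES (?, ?)", (customer, cipher.encrypt(pan.encode())))

def read_table(db):
    # Everything a reader of the table (backup, replica, injected SELECT) obtains.
    return db.execute("SELECT customer, pan_enc FROM cards").fetchall()

def decrypt_for_charge(db, cipher, customer):
    # The payment path is the only code that holds the key and sees plaintext.
    row = db.execute("SELECT pan_enc FROM cards WHERE customer = ?", (customer,)).fetchone()
    return cipher.decrypt(row[0]).decode()

def demo():
    # Assumption: in production the key is fetched from a key-management service
    # or HSM at start-up; it is never stored in the database or a table column.
    cipher = Fernet(Fernet.generate_key())
    db = open_store()
    store_card(db, cipher, "alice", TEST_PAN)
    rows = read_table(db)
    try:
        Fernet(Fernet.generate_key()).decrypt(rows[0][1])  # a key the reader made up
        wrong_key_rejected = False
    except InvalidToken:
        wrong_key_rejected = True
    return {
        "plaintext_in_table": any(TEST_PAN.encode() in blob for _, blob in rows),
        "wrong_key_rejected": wrong_key_rejected,
        "recovered": decrypt_for_charge(db, cipher, "alice"),
    }

if __name__ == "__main__":
    print(demo())
```

The protection holds only while the key stays out of reach of whoever can read the table; a key kept in the same database or in the web application's configuration would be taken along with the data.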