CGI Tutorial

Steve Holden steve at
Mon Oct 9 09:33:51 CEST 2006

Lawrence D'Oliveiro wrote:
> In message <mailman.1374.1160073684.10491.python-list at>, Steve
> Holden wrote:
>>Credit card numbers should be encrypted in the database, of course, but
>>they rarely are (even by companies whose reputations imply they ought to
>>know better).
> How would encryption help? They'd still have to be decrypted to be used.

Indeed they would, but with proper key management the probability that 
they can be stolen from a database in their plaintext form is rather 
lower. Just last week a police employee in my class told us of an 
exploit where a major credit card copmany's web site had been hacked 
using a SQL injection vulnerability. This is usually done with the 
intent of gaining access to credit card data.

Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC/Ltd
Skype: holdenweb
Recent Ramblings

More information about the Python-list mailing list