CGI Tutorial

Steve Holden steve at holdenweb.com
Mon Oct 9 09:33:51 CEST 2006


Lawrence D'Oliveiro wrote:
> In message <mailman.1374.1160073684.10491.python-list at python.org>, Steve
> Holden wrote:
> 
> 
>>Credit card numbers should be encrypted in the database, of course, but
>>they rarely are (even by companies whose reputations imply they ought to
>>know better).
> 
> 
> How would encryption help? They'd still have to be decrypted to be used.

Indeed they would, but with proper key management the probability that 
they can be stolen from a database in their plaintext form is rather 
lower. Just last week a police employee in my class told us of an 
exploit where a major credit card copmany's web site had been hacked 
using a SQL injection vulnerability. This is usually done with the 
intent of gaining access to credit card data.

regards
  Steve
-- 
Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC/Ltd          http://www.holdenweb.com
Skype: holdenweb       http://holdenweb.blogspot.com
Recent Ramblings     http://del.icio.us/steve.holden




More information about the Python-list mailing list