Re: [mv] turn off cc security - ? on enc. file storage
On Wed, Nov 10, 1999 at 10:47:09AM -0500, Loy Ellen Gross wrote:
> ****** message to minivend-users from Loy Ellen Gross <design@iinc.com> ******
>
> >I am NOT saying to store the cc numbers in a 777 file in web space
> >and, yes, I have seen that.
>
> Ouch, for criminy's sake (question about this follows)
>
> Now, question: if you /were/ going to save order information in an
> encrypted file on your server but outside the web space - any suggestions
> for a place that is inaccessible by nouser so it could not be hacked?
> FYI, we use Apache with Stronghold. One of the problems I have with
> storing even tracking info is the fact that nouser could read it, so
> there might be a user on our machine (or who gets access to our machine
> via a poorly written CGI script) who could poke around and find that
> file. Comments? Criticisms? Suggestions? Complete implementations with
> your own experience? :-)
That confuses me. Are you running minivend with same
permissions/ownership as web server? Is "nouser" the
userid of your web server? Second step then is to set
up minivend as its own userid with appropriate group.
First step is to get rid of user accounts on that machine.
Or do you mean nouser like nobody never ever? I won't
go there. ;^)
--
Christopher F. Miller, Publisher cfm@maine.com
MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039
1.207.657.5078 http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.
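
The separation discussed in this thread (order file outside web space, owned by an account other than the web server's) can be checked with a short read-only audit. This is an added example, not part of the original message or of Minivend; the function name, its parameters and the sample paths are hypothetical, and it inspects only the file and its containing directory.

```python
import os
import stat
import tempfile

def audit_order_file(path, web_uid, web_gids, docroot):
    """Return reasons the web server account could reach the file at `path`.

    web_uid / web_gids: uid and group ids of the web server account (assumed
    to be looked up by the caller); docroot: the web document root.
    """
    findings = []
    real = os.path.realpath(path)        # resolve symlinks before comparing
    root = os.path.realpath(docroot)
    if os.path.commonpath([real, root]) == root:
        findings.append("file is inside the web document root")

    st = os.stat(real)
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == web_uid:
        findings.append("file is owned by the web server uid")
    if st.st_gid in web_gids and mode & (stat.S_IRGRP | stat.S_IWGRP):
        findings.append("file is group-accessible to a web server group")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("file is accessible by other (mode %04o)" % mode)

    # Write access to the directory lets an account replace or delete the
    # file even when it cannot read the contents.
    dst = os.stat(os.path.dirname(real))
    dmode = stat.S_IMODE(dst.st_mode)
    if (dst.st_uid == web_uid or dmode & stat.S_IWOTH
            or (dst.st_gid in web_gids and dmode & stat.S_IWGRP)):
        findings.append("containing directory is writable by the web server account")
    return findings

if __name__ == "__main__":
    # Constructed sample: a scratch file standing in for the order file.
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "orders.enc")
    open(sample, "wb").close()
    os.chmod(sample, 0o644)              # weak: readable by every local account
    pretend_web_uid = os.getuid() + 1    # constructed stand-in for the web uid
    for mode in (0o644, 0o600):
        os.chmod(sample, mode)
        result = audit_order_file(sample, pretend_web_uid, set(), "/var/www")
        print("%04o ->" % mode, result or "no findings")
```

An empty result covers only these ownership and mode checks; it says nothing about ACLs, other local accounts, or processes that already run as the file's owner.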