Mark Kent wrote:
> begin oe_protect.scr
> sfletcher@xxxxxxxx <sfletcher@xxxxxxxx> espoused:
> > No customer credit card data at Dabs is stored on a "web-connected
> > windows machine" as you suggested. Customer data is stored on our
> > in-house, back-end application which does not run on a Windows
> > platform.
>
> Good - perhaps your site should say so?

It always has - in our Security Policy at
http://www.dabs.com/contenttopic.aspx?ContentType=Help&ArticleID=131.

> What if the webserver machine is compromised? It looks to me like it
> would be an easy matter to grab every set of credit card info as it came
> in?

Quite possible. But then, this isn't a problem specific to Dabs. It
would be prevalent in any online ordering system that takes new credit
card details over the web. Amazon, Play, Ebuyer, you name it, they
could suffer from it.

> > and our webserver, they'd still only be able to see part of the credit
> > card data.
>
> And if the webserver machine itself is compromised, what then?

I re-iterate - "they'd still only be able to see part of the credit
card data."

> > I'm also unsure as to what relevance this thread has to do with Linux
> > advocacy - it looks more like MS bashing to me! :-)
>
> Really? I thought it looked more like dabs bashing. I must've misread
> something I wrote :-)

Oh well - still wildly OT!

> | Mark Kent -- mark at ellandroad dot demon dot co dot uk |
> In order to get a loan you must first prove you don't need it.

Steven Fletcher
Senior Systems Support Technician
dabs.com PLC