[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date
][Interchange by thread
]
RE: [ic] Dumb security question
> -----Original Message-----
> From: interchange-users-admin@lists.akopia.com
> [mailto:interchange-users-admin@lists.akopia.com]On Behalf Of Doug
> Alcorn
> Sent: Monday, March 26, 2001 4:06 PM
> To: interchange-users@minivend.com
> Subject: Re: [ic] Dumb security question
>
>
> Jim <jdix@home.com> writes:
>
> > will credit card data stored on server (encrypted I assume) be
> > de-cypted when authorized user accesses data?
>
> IC does not store any credit-card information. After the order info
> is e-mailed out, the CC# is gone. Of course, you could hack IC to
This does not, however, seem to be the case on my default install
of the construct demo. The CC# is stored in 2 places in the
catalogs/consruct tree - all unencrypted (until the user sets up pgp).
The first place it goes is into the logs/tracking.asc file, all order
get appended to this file. The second place is in individual order
files in the orders/ directory. To prevent this you have to
specifically disable it. (I just re-wrote the template for what info
gets stored.)
> behave differently. In fact, you might be able to do it with order
> routes and not have to change IC code.
> --
> (__) Doug Alcorn (mailto:doug@lathi.net http://www.lathi.net)
> oo / PGP 02B3 1E26 BCF2 9AAF 93F1 61D7 450C B264 3E63 D543
> |_/ If you're a capitalist and you have the best goods and they're
> free, you don't have to proselytize, you just have to wait.
>
>
>
> _______________________________________________
> Interchange-users mailing list
> Interchange-users@lists.akopia.com
> http://lists.akopia.com/mailman/listinfo/interchange-users
>
_______________________________________________
Interchange-users mailing list
Interchange-users@lists.akopia.com
http://lists.akopia.com/mailman/listinfo/interchange-users