[ic] How to get Credit Card # in admin
Thu, 5 Apr 2001 14:02:07 -0400
Quoting Bob Puff@NLE (firstname.lastname@example.org):
> > Not so. What happens when your system gets cracked? Credit card numbers are
> > there for the taking.
> If the system gets cracked, credit card numbers are there for the taking even
> if it's not in the admin. As was stated before, there are a few files that
> store the credit card number, that anyone with root access can easily find.
> Just have a look in the ORDERS directory. Plain text credit card numbers.
That is prior to using the recommended encryption. Before your store
goes live, you should set the main route encrypt_program to a good value:
Route main encrypt_program "gpg -r email@example.com -e -a --always-trust --batch"
or remove mv_credit_card_info from the etc/report file.
It is a difficult situation when distributing a program. If I remove
[value mv_credit_card_info] from the output, then we will get a slew of
questions about "where is the credit card info". If we set things up to
require GPG by default, then that makes things very difficult for testing.
I should probably remove the individual_track and track setting from the
default route, or set behavior when encrypt_program=null to say "CREDIT
CARD INFO REMOVED SINCE NOT ENCRYPTED". That second is better, I think,
and I will do it. We will have to live with the inevitable questions,
though I think it will be better now that GPG and PGP is in wide use.
Bottom line is, before enabling a catalog to go live, you should obtain
and set up GPG and set up for encryption as is recommended in the docs
Thinking about it, maybe I will set the demo to be:
Variable ENCRYPTOR echo Encryption not enabled yet.
Route main encrypt_program "__ENCRYPTOR__"
That should tell people what is going on, yet not cause encryption
errors in the checkout process. That is the ticket.
I may not always seem like it, but I am grateful for all the feedback
and ideas I get from all of you. Thanks, Bob.
Red Hat, Inc., 131 Willow Lane, Floor 2, Oxford, OH 45056
phone +1.513.523.7621 fax 7501 <firstname.lastname@example.org>
Fast, reliable, cheap. Pick two and we'll talk. -- unknown