[ic] Dumb security question
Tue, 27 Mar 2001 09:27:37 -0500
> -----Original Message-----
> From: email@example.com
> [mailto:firstname.lastname@example.org]On Behalf Of Doug
> Sent: Monday, March 26, 2001 4:06 PM
> To: email@example.com
> Subject: Re: [ic] Dumb security question
> Jim <firstname.lastname@example.org> writes:
> > will credit card data stored on server (encrypted I assume) be
> > de-cypted when authorized user accesses data?
> IC does not store any credit-card information. After the order info
> is e-mailed out, the CC# is gone. Of course, you could hack IC to
This does not, however, seem to be the case on my default install
of the construct demo. The CC# is stored in 2 places in the
catalogs/consruct tree - all unencrypted (until the user sets up pgp).
The first place it goes is into the logs/tracking.asc file, all order
get appended to this file. The second place is in individual order
files in the orders/ directory. To prevent this you have to
specifically disable it. (I just re-wrote the template for what info
> behave differently. In fact, you might be able to do it with order
> routes and not have to change IC code.
> (__) Doug Alcorn (mailto:email@example.com http://www.lathi.net)
> oo / PGP 02B3 1E26 BCF2 9AAF 93F1 61D7 450C B264 3E63 D543
> |_/ If you're a capitalist and you have the best goods and they're
> free, you don't have to proselytize, you just have to wait.
> Interchange-users mailing list