[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re:[2] [cobalt-users] payment method
- Subject: Re:[2] [cobalt-users] payment method
- From: RaQ3 <cobalt@xxxxxxxxxxx>
- Date: Mon Feb 12 06:35:49 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Bill" <bill@xxxxxxxxxxxxxxxxxxxx> wrote on 11.02.01 08:13:38:
>
>>>I can put the info into a MySQL table but again, I'm not comfortable
>enough
>>>with the security to do this
>>>But I really do want the ability to let the host keep the cc info on hand
>>>and then they've got it for monthly billing, extra fees for time spent
>>>helping the customer, etc.
>
>>>Does anyone have any suggestions about where I can dump the cc info and be
>>>confident that it's safe?
>
>You have mentioned a very important point. You should not store CC or other
>private info on a RaQ or any other server with other hosted clients. MySQL
>is secure enough, in my opinion, but most people use PHP as the frontend.
>Of course, on the RaQ, in a shared hosting enviroment with Telnet or SSH,
>your customers could simply telnet or SSH in and look into your directory
>where your PHP files are. They could simply vi the php file that connects
>to your db and get your login info and then access the CC info.
>
>We keep our customer info in a MySQL database, but, on a server that is used
>only for that purpose. It seems like a waste of a lot of server to have
>only a database, but if security is a major concern, and it should be
Hi Bill !
I don't understand your approach. If you have only MySQL on this server, it
means that you are running the php-files on another server. I could walk into
this, pick the .php-files, read them - and connect to your MySQL-Server.
Where is the difference ?
Thomas
--
InternAd.de
Internet Advertising
Thomas Prosi
tp@xxxxxxxxxxx