comment on

I was bothered by Re: Re: (OT) SSL Certificates: Self-Signing and Alternative Solutions because it shows a fundamental misunderstanding of how easy it is to steal credit card databases.

???

That entire point of that node was that it is, in fact, really easy to nab CC nums from databases. So easy that you could throw away SSL entirely in many cases and the security of the entire system wouldn't substantially drop.

I agree that this statement might not be clear:

While we're bothering to educate users, why not explode the "Must Have Encryption on Credit Card Numbers" myth?

The myth concerns SSL, not the database server. You should always have encryption on the CC nums in the database, if you must store them at all.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

: () { :|:& };:

Note: All code is untested, unless otherwise stated

In reply to Re: Use placeholders. For SECURITY! by hardburn
in thread Use placeholders. For SECURITY! by tilly

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Syntactic Confectionery Delight
	PerlMonks