Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Answer: How can I secure MySQL & CGI?

by russmann (Initiate)
on Dec 11, 2001 at 04:17 UTC ( #130820=categorized answer: print w/replies, xml ) Need Help??

Q&A > database programming > How can I secure MySQL & CGI? - Answer contributed by russmann

Credit card information should ALWAYS be encrypted if it is stored on disk anywhere, and/or transfered over any wire anywhere. I use PGP/GPG to encrypt CC info written to a MySQL database. The field it writes to is of type TEXT. Encrypting the actual CC data ensure that even if unauthorized people get access to your database, they can't do anything heinous with the data.

Replies are listed 'Best First'.
Re: Answer: How can I secure MySQL & CGI?
by dws (Chancellor) on Dec 11, 2001 at 04:41 UTC
    If you want to secure credit card info, ensure that those bits never resides on a disk visible to the web server, and ensure that database passwords are not directly visible to the web server box. In short, your CGIs will need to communicate with an off-web-server process that has access to the database. (dws)Re: Encrypting Credit card numbers discusses this at greater length.

Log In?
Username:
Password:

What's my password?
Create A New User
Chatterbox?
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (8)
As of 2016-12-08 18:30 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    On a regular basis, I'm most likely to spy upon:













    Results (144 votes). Check out past polls.