Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Answer: How can I secure MySQL & CGI?

by cavac (Deacon)
on Jul 15, 2012 at 21:51 UTC ( #981935=categorized answer: print w/replies, xml ) Need Help??

Q&A > database programming > How can I secure MySQL & CGI? - Answer contributed by cavac

In modern systems, the handling of payment information (e.g. credit cards) is often implemented on a second server, not on the front-end one. The second server should have a tighter control (e.g. for starters, only very selected users can access it).

The front-end server then talks to the backend to initiate a payment/money transfer, and periodically checks if it succeeded or failed.

As mentioned above, sensitive information should also be encrypted. (In the case of passwords, salted hashes are usually the way to go.)

If your site is a low volume site, you could also hire one the the available online payment services; ask your bank what they suggest. This will take the legal and financial responsibility from you, and you might not have to pay back thousands of dollars if credit card information gets stolen (because you can show that you never asked for that information on your site but deferred the payment process to your bank).

Log In?

What's my password?
Create A New User
[Lady_Aleena]: I did it! I did it! I did it! # it eq made a page better with a browse feature instead of listing everything at once.

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (7)
As of 2017-05-28 07:28 GMT
Find Nodes?
    Voting Booth?