Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic

Answer: How can I secure MySQL & CGI?

by cavac (Curate)
on Jul 15, 2012 at 21:51 UTC ( #981935=categorized answer: print w/replies, xml ) Need Help??

Q&A > database programming > How can I secure MySQL & CGI? - Answer contributed by cavac

In modern systems, the handling of payment information (e.g. credit cards) is often implemented on a second server, not on the front-end one. The second server should have a tighter control (e.g. for starters, only very selected users can access it).

The front-end server then talks to the backend to initiate a payment/money transfer, and periodically checks if it succeeded or failed.

As mentioned above, sensitive information should also be encrypted. (In the case of passwords, salted hashes are usually the way to go.)

If your site is a low volume site, you could also hire one the the available online payment services; ask your bank what they suggest. This will take the legal and financial responsibility from you, and you might not have to pay back thousands of dollars if credit card information gets stolen (because you can show that you never asked for that information on your site but deferred the payment process to your bank).

Log In?

What's my password?
Create A New User
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (5)
As of 2020-09-28 15:40 GMT
Find Nodes?
    Voting Booth?
    If at first I donít succeed, I Ö

    Results (144 votes). Check out past polls.