Hmm... this is an intresting solution if the credit card number never gets passed back to the webserver or the intermediate server.
- CC number gets sent to DB server and gets returned a "key" to reference it for storage in the noncritical database.
- Uses said reference "key" to request that the card be processed.
- Intermediate server sends request to CC storage server who then processes the card and sends the request code to intermediate server who sends to webserver.
- Billing software sends "key" to intermediate server with a price to be billed.
- intermediate server relays request to database server who then processes card and sends response code back
- Intermediate server returns status code to webserver
I dont see any real problems in this process. Credit cards go in but they dont come out.
insert into pete values('red hair','near green eyes','overinflated ego');