comment on

In modern systems, the handling of payment information (e.g. credit cards) is often implemented on a second server, not on the front-end one. The second server should have a tighter control (e.g. for starters, only very selected users can access it).

The front-end server then talks to the backend to initiate a payment/money transfer, and periodically checks if it succeeded or failed.

As mentioned above, sensitive information should also be encrypted. (In the case of passwords, salted hashes are usually the way to go.)

If your site is a low volume site, you could also hire one the the available online payment services; ask your bank what they suggest. This will take the legal and financial responsibility from you, and you might not have to pay back thousands of dollars if credit card information gets stolen (because you can show that you never asked for that information on your site but deferred the payment process to your bank).

In reply to Re: How can I secure MySQL & CGI? by cavac
in thread How can I secure MySQL & CGI? by Kozz

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Come for the quick hacks, stay for the epiphanies.
	PerlMonks