Re: using mySQL to store credit card info
Could it be a good idea to store the key in a "web-application only readable" file in a non-web accessible directory ?
Example:
The path to the web site: /home/httpd/www/
The path to the key: /home/httpd/include/
The web-application is running as "webd" user and the file is readable only by that user.
File could be binary and encrypted to increase security using web-application or a binary program on the server itself.
Path to the file-encoder:
/usr/sbin/
So the only way to read the file would be to loggon the server itself as "super user". Credit card data or other data is then protect by web-application encryption using a key that is stored in a file encrypted.
Any comment ? Is it a good idea ? Is there some leak point ?
Michael Plourde
Subject
Views
Written By
Posted
27612
February 03, 2005 03:44PM
11543
March 29, 2005 07:54AM
9698
June 26, 2005 10:25PM
10545
July 23, 2005 10:39PM
14569
September 08, 2005 06:04AM
24127
September 08, 2005 06:47AM
7895
September 20, 2005 09:00AM
7412
November 21, 2005 11:09PM
7013
November 28, 2005 05:36AM
6823
November 28, 2005 08:21PM
6887
November 29, 2005 05:51PM
6823
February 18, 2006 06:34PM
6404
April 06, 2006 09:41AM
6677
April 07, 2006 01:28PM
7134
April 19, 2006 08:23PM
9399
May 08, 2006 04:33PM
9128
October 04, 2006 09:11AM
Re: using mySQL to store credit card info
6286
February 20, 2008 12:58PM
6466
February 20, 2008 01:24PM
6353
January 06, 2007 07:26PM
5239
February 16, 2009 07:37PM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.