[Zope] Re: [ZCommerce] Secure storage of credit card info

Derek Simkowiak dereks@kd-dev.com
Thu, 8 Jun 2000 18:23:24 -0700 (PDT)


-> > You have a ZCommerce site.  You accept credit cards, and securely
-> > communicate with a CC processor to verify the transaction.  Now,

	Besides Bill's suggestion, keep all your servers behind a good
firewall.  One option is to use Linux IP Masquerading, having your
webserver *and* database server use 192.168.0.??? IP Addresses.  Then,
turn on port forwarding on your Masq server, so that all incoming requests
on port 80 go to (something like) port 8080 on your webserver, which then
responds to the request.

	You could just use an encrypted filesystem on the database server,
although that may be too slow (and possibly overkill?).  At that point
--assuming your firewall is secured-- you'd more or less need physical
access to your internal network to see those CC#s.  The only real danger
left is a misconfiguration (or bad code) in your webserver software.
(read: don't use IIS :)


--Derek
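
The masquerading and port-forwarding layout described in this message, written as an nftables ruleset (nftables is a current Linux packet filter swapped in here; the message itself names only Linux IP Masquerading). This is an added example, not part of the original post. The interface names wan0 and lan0, the 192.168.0.0/24 network, the web server address 192.168.0.10 and the SSH management rule are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: firewall/masquerading host in front of a private network.
# Assumed values (not from the post): wan0, lan0, 192.168.0.0/24,
# web server at 192.168.0.10, SSH management from the inside only.

flush ruleset

define WAN_IF  = "wan0"
define LAN_IF  = "lan0"
define LAN_NET = 192.168.0.0/24

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        # Port forward: public port 80 -> web server port 8080.
        # There is no rule for the database server, so it has no public entry point.
        iifname $WAN_IF tcp dport 80 dnat to 192.168.0.10:8080
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Masquerade outbound traffic from the private network.
        oifname $WAN_IF ip saddr $LAN_NET masquerade
    }
}

table ip filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # Only the forwarded web traffic may enter from outside.
        iifname $WAN_IF oifname $LAN_IF ip daddr 192.168.0.10 tcp dport 8080 ct state new accept
        # Internal hosts may open outbound connections (e.g. to the CC processor).
        iifname $LAN_IF oifname $WAN_IF ip saddr $LAN_NET accept
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # Assumption: the firewall host is managed over SSH from the inside only.
        iifname $LAN_IF tcp dport 22 accept
    }
}
```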