[Zope] Re: [ZCommerce] Secure storage of credit card info

R. David Murray bitz@bitdance.com
Thu, 8 Jun 2000 21:26:07 -0400 (EDT)


On Thu, 8 Jun 2000, Bill Anderson wrote:
> Personally, I would store the actual data on a seperate server, not
> accessible to the public.

Mmm.  Yes, that makes it more secure.  Still leaves the question
of encryption/decryption of the data and key management, but it
makes the cracking a lot less likely.  And Steve's EMarket 
product is designed for that scenario.

I'd like to also have a one-box solution, though.  Based on some
comments by one of the eTailor folks I'm now trying to see if I
can structure the user/merchant interface so that the server doesn't
need to decrypt the stuff without human intervention.

--RDM