[Zope] Re: [ZCommerce] Secure storage of credit card info

Steve Spicklemire steve@spvi.com
Fri, 9 Jun 2000 08:41:42 -0500 (EST)


>>>>> "RDM" == R David Murray <bitz@bitdance.com> writes:

    RDM> On Thu, 8 Jun 2000, Bill Anderson wrote:
    >> Personally, I would store the actual data on a separate server,
    >> not accessible to the public.

    RDM> Mmm.  Yes, that makes it more secure.  Still leaves the
    RDM> question of encryption/decryption of the data and key
    RDM> management, but it makes the cracking a lot less likely.  And
    RDM> Steve's EMarket product is designed for that scenario.

    RDM> I'd like to also have a one-box solution, though.  Based on
    RDM> some comments by one of the eTailor folks I'm now trying to
    RDM> see if I can structure the user/merchant interface so that
    RDM> the server doesn't need to decrypt the stuff without human
    RDM> intervention.

When I was originally setting up EMarket I wanted to do a 'two-box'
solution, but I only had one box handy at the moment. I set up a
second Zope instance on the same box to handle transactions (behind
apache-ssl) and it worked pretty well for testing. Of course if you
have only one box for production, you could use the same setup. So
there's no reason to make a solution 'one box' or 'two box', but it
could be 'one box.. two Zopes!'. ;-)

-steve

    RDM> --RDM

