> > The catalog too - consider what happens when part numbers get scrambled -
> > ordering an inexpensive video card could get switched for an entire PC.
>
> Yes, but that is far less damaging than compromising the credit card numbers
> and whatnot of the entire customer base.
Anyone directly exposing databases of credit information on their internet
machines deserves a negligence suit.
A proper setup looks like this
--[firewall]---[Web box] -serialline- [backend]
The serial line takes a fixed command set to a verified small code daemon on
the backend side. It has commands for 'store credit details' it has NO
command for 'retrieve credit card number'. You don't need that functionality
on the front end boxes.
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 29 2000 - 21:00:14 EST