Jesse Pollard writes:
> On Fri, 25 Feb 2000, Alan Cox wrote:
>> Anyone directly exposing databases of credit information on their internet
>> machines deserves a negligence suit.
>>
>> A proper setup looks like this
>>
>> --[firewall]---[Web box] -serialline- [backend]
>>
>> The serial line takes a fixed command set to a verified small code
>> daemon on the backend side. It has commands for 'store credit details'
>> it has NO command for 'retrieve credit card number'. You don't need
>> that functionality on the front end boxes.
>
> Actually the credit card info has to be passed to the backend for
> storage/validation. It just doesn't need to be stored on the
> front end. The front end might support the checkout procedures.
>
> What I'm experimenting with is/would be setup as:
>
> --[firewall]---{[Web server] -security interface- [backend] }
> { MLS + capability box }
One can run 41000 Linux systems on a single S/390 mainframe.
Each web script could live in a private virtual machine.
The firewall, web servers, and backend all go in one big box.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 29 2000 - 21:00:22 EST