zen7 Posted December 4, 2002 Share Posted December 4, 2002 Credit card information is stored in a non encrypted format in the database. Should anybody hack the server and do a SQL dump they would have all the credit card numbers on the server? If orders are viewed in the admin section of OS Commerce that data would be passed in an unencrypted format, so a packet sniffer could grab it, right? Anybody have any suggestions on this? Donovan Link to comment Share on other sites More sharing options...
rseigel Posted December 4, 2002 Share Posted December 4, 2002 Quite simple actually: don't use the credit card module. Use paypal, 2checkout, authorize.net, any number of solutions out there that allow you to take credit cards without risking your customers cc numbers like this. Link to comment Share on other sites More sharing options...
thewitt Posted December 4, 2002 Share Posted December 4, 2002 If you run the admin module through an SSL link, a packet sniffer will not be able to pull out the credit card information. -t Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.