On Tue, Jun 05, 2007 at 09:28:00AM -0500, Ron Johnson wrote: > > If he is a CC customer, the system (which I am DBA of) bills his > card directly, saving the customer much time and effort. So surely what you have is a completely separate system that has exactly one interface to it, that is signaled to provide a transaction number and that only ever returns such a transaction number to the "online" system, and that is very tightly secured, right? It is possible to make trade-offs in an intelligent manner, for sure, but you sure as heck don't want that kind of data stored online with simple reversible encryption. A -- Andrew Sullivan | ajs@xxxxxxxxxxxxxxx The whole tendency of modern prose is away from concreteness. --George Orwell
