On Tue, 2007-06-05 at 16:51 -0400, Andrew Sullivan wrote: > On Tue, Jun 05, 2007 at 07:29:02PM +0100, Peter Childs wrote: > > Unfortunately you still need to store them somewhere, and all systems can > > be hacked. > > Yes. I agree, in principle, that "don't store them" is the best > advice -- this is standard _Translucent Databases_ advice, too. For > the least-stealable data is the data you don't have. > > But if there is a business case, you have to do the trade off. And > security is always a tradeoff (to quote Schneier); just do it well. > (Someone else's advice about hiring a security expert to audit this > sort of design is really a good idea.) > > A Have you thought about setting up an account with PayPal, and having people pay through PayPal? Let PayPal deal with the security, and credit card info, after all it's what they do.
