Re: Storing CCN's Again...

I AM going to accept CC's on my site. I am NOT going to store them
anywhere... and I DO think the original question is valid. If a hacker
is able to gain root access they may be able to obtain a CCN from
memory on my server... Perhaps a hacker breaks into a number of sites
and harvests 1 or 2 numbers from each a day... It is not nearly as bad
as having someone get full access to all the CCN's you have stored in
DB (if you were dumb enough to do that), but it could still cause lots
of problems...

So, it doesn't seem like anyone is aware of a way to make PHP paranoid
about such things... Perhaps there is a lower level way to get Linux
to scrub an address space when a process exits? I will google....


On Tue, 08 Feb 2005 10:57:16 -0500, trlists@xxxxxxxxxx
<trlists@xxxxxxxxxx> wrote:
> On 8 Feb 2005 Jochem Maas wrote:
> 
> > don't agree - I'd rather be cautious on a hunch, especially given that I
> > have no means to personally verify the risk other than in terms of total
> > financial ruin if a real problem occurs even once. besides it's a moot point
> > there is no need to handle creditcard info in 99.99999999999% of all cases
> > (the rest being covered by amazons,paypals,etc)
> 
> Well OK, there is no urgent *need*.  But accepting credit cards is a
> valid and useful approach for many sites.  The worst-case imagined
> disasters do not make this less true.
> 
> I cannot verify in advance that a car driven by a drunk driver will not
> drive down my street at the moment I walk out of the house, hit me on
> the sidewalk, and kill me.  I do not *need* to leave my house in most
> cases, I could order almost everything I need to be delivered.  But it
> still does not make sense to stay in the house all the time (and there
> are other dangers there anyway).
> 
> The possibility of catastrophic consequences which you cannot control
> is not a reason to always opt for the most cautious possible approach.
> However I would agree it is a reason to thoughtfully assess the risks
> and make a choice.
> 
> > then again there are +-2billion people with limited/no access to running water...
> > maybe we shouldn't blow the CCN thing out of proportion :-/
> 
> Good point.
> 
> --
> Tom
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


-- 
Send REAL USPS letters from the Web!
http://www.quickymail.com
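
The scrubbing asked about in this message, shown at the C level as an added example (not code from the thread or from PHP): the card number lives in one caller-owned buffer that is locked out of swap on a best-effort basis, used, and then zeroed through a volatile pointer so the compiler cannot drop the wipe. The function names and the test card number are constructed for illustration, and the wipe covers only this buffer, not copies made elsewhere in the process such as a PHP request body.

```c
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

/* Zero through a volatile pointer so the stores are not removed as dead code. */
static void scrub(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Luhn checksum over ASCII digits; returns 1 when the number is well formed. */
static int luhn_ok(const char *pan, size_t len) {
    int sum = 0, dbl = 0;
    if (len < 12 || len > 19) return 0;
    for (size_t i = len; i-- > 0; ) {
        if (pan[i] < '0' || pan[i] > '9') return 0;
        int d = pan[i] - '0';
        if (dbl && (d *= 2) > 9) d -= 9;   /* double every second digit */
        sum += d;
        dbl = !dbl;
    }
    return sum % 10 == 0;
}

/* Hypothetical helper: validate the number in buf, keep only the last four
 * digits in last4, then zero all cap bytes of buf whether or not it was valid.
 * Returns 1 for a valid number, 0 otherwise. */
int use_and_scrub(char *buf, size_t cap, char last4[5]) {
    int locked = (mlock(buf, cap) == 0);   /* may fail under RLIMIT_MEMLOCK */
    size_t len = 0;
    while (len < cap && buf[len]) len++;
    int ok = luhn_ok(buf, len);
    last4[0] = '\0';
    if (ok) { memcpy(last4, buf + len - 4, 4); last4[4] = '\0'; }
    /* ... the number would be sent to the payment processor here ... */
    scrub(buf, cap);                       /* wipe before the memory is reused */
    if (locked) munlock(buf, cap);
    return ok;
}

int main(void) {
    char pan[32] = "4111111111111111";     /* constructed test number */
    char last4[5];
    return use_and_scrub(pan, sizeof pan, last4) ? 0 : 1;
}
```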
