[snip] Some guys are shaking their heads in denial on this, but I swear to god, I have seen it. I am not making this [bleep] up. Credit card numbers have been sitting for YEARS in some boutique home-rolled shopping cart system MySQL database with the oh-so-clever username/password of nobody/nobody or www/www [/snip] ---------------------------- I know what you are talking about, I have seen that type of tables with literally thousands of CC numbers collected over the years, along with name on the card and expiry, of course. As a programmer it is your duty to report this to your client and to keep track, because if one day someone resells this list, you could be liable. Unless, of course, you are a Soprano. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php