[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [mv] MV4.04: userdb & credit card num ???
****** message to minivend-users from Mike Heins <mikeh@minivend.com> ******
Quoting OTR Comm (otrcomm**NO_SPAM**@wildapache.net):
>
> Hello,
>
> I thought that by design, MV did not save the credit card number to herd
> disk. However, I saw in my userdb table (MySQL) that the
> mv_credit_card_info field had the credit card number stored.
It saves it to the database if you have EncryptProgram set. It
is set to 'none' in the demo, and should be changed to GPG or
some other effective strong encryption.
>
> Also, mv_credit_card_type, mv_credit_card_exp_month, and
> mv_credit_card_exp_year were filled out with the correct info for the
> last transaction that my test user initiated.
>
> I deleted this information from the table and did another transaction
> with this same test user and the information did not come back that
> time.
>
> The questions are, why was it written in the first place, why are the
> fields even there (if we do not write this info to hard disk), and how
> can I be sure that it does not happen again?
Use encryption or don't use CreditCardAuto.
--
Internet Robotics, 131 Willow Lane, Floor 2, Oxford, OH 45056
phone +1.513.523.7621 fax 7501 <mikeh@minivend.com>
Function in chaos, finish in style. -- Unknown
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
