[ic] Dumb security question

Greg g.gaskill@aboron.com
Tue, 27 Mar 2001 09:27:37 -0500


> -----Original Message-----
> From: interchange-users-admin@lists.akopia.com
> [mailto:interchange-users-admin@lists.akopia.com]On Behalf Of Doug
> Alcorn
> Sent: Monday, March 26, 2001 4:06 PM
> To: interchange-users@minivend.com
> Subject: Re: [ic] Dumb security question
> 
> 
> Jim <jdix@home.com> writes:
> 
> > will credit card data stored on server (encrypted I assume) be
> > de-cypted when authorized user accesses data?
> 
> IC does not store any credit-card information.  After the order info
> is e-mailed out, the CC# is gone.  Of course, you could hack IC to

This does not, however, seem to be the case on my default install
of the construct demo.  The CC# is stored in 2 places in the
catalogs/consruct tree - all unencrypted (until the user sets up pgp).
The first place it goes is into the logs/tracking.asc file, all order
get appended to this file. The second place is in individual order
files in the orders/ directory.  To prevent this you have to
specifically disable it. (I just re-wrote the template for what info
gets stored.)


> behave differently.  In fact, you might be able to do it with order
> routes and not have to change IC code.
> -- 
>  (__) Doug Alcorn (mailto:doug@lathi.net http://www.lathi.net)
>  oo / PGP 02B3 1E26 BCF2 9AAF 93F1  61D7 450C B264 3E63 D543
>  |_/  If you're a capitalist and you have the best goods and they're
>       free, you don't have to proselytize, you just have to wait. 
> 
> 
> 
> _______________________________________________
> Interchange-users mailing list
> Interchange-users@lists.akopia.com
> http://lists.akopia.com/mailman/listinfo/interchange-users
>