[ic] Credit Card Info

Robert Trembath interchange-users@interchange.redhat.com
Mon Nov 5 12:35:05 2001


Jim,

I appreciate your comments and I'm just as concerned about security as
the next guy, everything we do with IC is behind our firewall including
the client picking up the mail, the same firewall. Not every application
requires encryption. I hear you, it can't hurt to use it, but some
applications simply don't require its use. I as a consultant and a
developer have little time to devote to being forced to use something I
don't need for a given application.(That's MS's game). And not all of us
are extremely talented Linux admin.'s. I've been using Linux a few years
now in a production environment and like it, but I still have a lot to
learn. That doesn't make me stupid or anyone else here for that manner.
That's why I use this list. That's why I use Both MS and Linux as well
as many Open Source Applications and program solely in PHP, MySQL and
IC.

I wrote this list several time about quite a few issues with no answers
from anyone. I finally had to email someone off-list who I judged to be
knowledgeable by reading his input to others and he pointed me in the
right direction. Some people on this list knew how to work around this
issue and simply didn't post a solution( including those at RH most
familiar with IC.) This feature was not forced in any previous releases
prior to 4.7 - 4.8.

Something that could've been resolved in ten minutes took days because
no one stepped forward to present the solution or a direction to a
solution. That cost me time and money. IC represents less than 10% of my
income as a consultant and when I have to dig this hard to get a simple
answer its nothing but discouraging. By the way, thank you Randy, for
stepping up when others at RH wouldn't. If I can ever return the favor,
just ask.

Why flame developers for choosing not to use encryption where its not
needed. Warning them is wise and good. Calling them stupid is wrong. You
use IC your way and we'll use it ours. That's called open source. Thanks
for your advice and experience. I know you contribute a lot here. Let's
not resort to using this list in a way that belittles or discourages
people. That takes away from RH and IC. 

Just my two cents.

--------------------------
Robert Trembath
Internet Technology Manager
e|robert@ishoptech.com 

-----Original Message-----
From: interchange-users-admin@interchange.redhat.com
[mailto:interchange-users-admin@interchange.redhat.com] On Behalf Of Jim
Balcom
Sent: Sunday, November 04, 2001 6:46 PM
To: interchange-users@interchange.redhat.com
Subject: RE: [ic] Credit Card Info


On Sun, 4 Nov 2001, John Beima wrote:

JB>>What do you think they would say? I bet you cc company would yank 
JB>>your ability to take cc's if they knew you were doing this.

American Express 'spam'd' all of it's merchants about a month ago (as I
recall) and they were explicit. If I am going to accept 'The Card' in
e-commerce that card number has to be removed from the server within 15
minutes. They also require secure connections for all phases of card
number transmissions. (They made several other demands also.)

They left no doubt in my mind that if an American Express Cardholders
card number gets compromised while they are doing e-commerce business
with me that my ass is going to be swinging from the nearest tree.

Personally, I figure that if a person is too stupid to figure out how to
work around the safeguards that Mike has put in, then they are too
stupid to be able to properly protect the data that they are trying to
compromise.


-= Jim =-

----------------------------------------------------------------
Jim's Linux-Operated Underground Bomb Shelter

Tagline for Sunday, November 04, 2001 at 19:35 PM:
A few cans short of a six pack, Six short.

----------------------------------------------------------------
This Linux System has been up 225 hours

My web page: http://www.idk-enterprises.com
----------------------------------------------------------------

_______________________________________________
interchange-users mailing list interchange-users@interchange.redhat.com
http://interchange.redhat.com/mailman/listinfo/interchange-users