[ic] Security risk of storing orders on server
John1
list_subscriber at yahoo.co.uk
Sun Jul 4 17:31:43 EDT 2004
I have noticed that the Foundation demo stores order e-mails in the orders directory.

As these files contain the PGP encrypted credit card numbers and the server also has a copy of the PGP keys, I feel this would be a small security risk in the event that the server were compromised.

I assume that a good solution would be to only store the private encryption key on the server (not both the private and public key).

Does anyone know how to remove the public key from the keyring? I am using GPG.

Thanks