Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

is this secure?

Status
Not open for further replies.
JohannIcon

JohannIcon

Programmer
Sep 3, 2002
440
MT
Dear All,

We are going to do a website for a local company, and basically, what they need is a simple on-line shop so that their clients will buy books online. This is how the site will basically work:-

1) The user views a list of books and chooses the ones he wishes to purchase.

2) After choosing these books, he is passed onto a secure server using SSL and inputs his VISA number. Then this Visa number is inserted into an MS ACCESS database and the administrator of this site will see this VISA number and charge the client using and EPOS machine.

However I have some concerns about this. By inserting the VISA number into an MS ACCESS Database, will this be risk free? The database is in the root folder of the server, so a normal user cannot access the database. Also the folder where I will put the admin asp files will be protected. Is this enough to be risk free, or a hacker can still access these Visa numbers?

Thanks for your help and time
 
Sort by date Sort by votes
Not secure at all...the hacker can download the entire db if he can guess the name. Plus access has no built in security that can keep data secure should it be hacked.

As well, any holes in the webserver & o/s software via configuration errors or laspes in vendor programming(and you are using windows i take it) can be exploited to gain access to the entire system.

If you are running it this way, consider perhaps using pgp and encrytping an email to the admin to pass the CC numbers.

At the very least the db should sit on another server that is not internet connected, and any approved transactions should have the CC#s deleted as soon as possible



Bastien

Any one have a techie job in Toronto, I need to work...being laid off sucks!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

penguinspeaks
  • Locked
  • Question
Parse a database field that is comma delimited and input the results into another table
Replies
0
Views
548
penguinspeaks
penguinspeaks
leifoet
  • Locked
  • Question
How to check if a datatable is empty ?
Replies
0
Views
561
leifoet
leifoet
Krus1972
  • Locked
  • Question
msxml3.dll error '80072f7d' - An error occurred in the secure Channel support
Replies
7
Views
1K
Krus1972
Krus1972
JScannell
  • Locked
  • Question
Border issue with Google Chrome on an Android phone
Replies
0
Views
559
JScannell
JScannell
Ambientguitar
  • Locked
  • Question
Issue with this not calling the Sub in Classic ASP page
Replies
5
Views
562
MarkSweetland
MarkSweetland

Part and Inventory Search

Sponsor

Back
Top