[UPHPU] Is https enough?
Brandon Stout
bms at mscis.org
Wed Jun 13 01:35:34 MDT 2007
Orson Jones wrote:
> https is perfectly fine. The thing that worries, is what happens after it hits the server. (is it stored in an unencrypted format, is it stored longer than necessary, is it transmitted elsewhere securely? etc.)
>
> Orson
I agree. However, if encrypted properly in the database, is there a
"longer than necessary"? Once on their server, perhaps it's less secure
to have to request the card number again than to keep the number
encrypted on the server.
Brandon Stout
http://mscis.org
More information about the UPHPU
mailing list