[UPHPU] store sensitive data in mysql + php web application

thebigdog bigdog at venticon.com
Tue Jun 30 11:40:09 MDT 2009


> I think I know what he's doing so I'll say, yes, he needs this
> information.  I've written a similar application, but we transfer the
> data offline asap.

You have to be careful here cause there are places that the data can be
compromised during the overall process of receiving and sending to storage.
Memory is one area that someone can get to the data. Sometimes the data can be
written to temp storage before it is sent out. That is another area that needs
to be secure on the server, even if the final storage is a pci complaint system.
Just some additional thoughts. Granted it is difficult to compromise some
systems in these methods, yet there is that reality and if it happens to your
company there is the liability that goes with it.


-- 
thebigdog


More information about the UPHPU mailing list