Mom and Pop CC Security
Jim Musil
jim at nettmedia.com
Mon Jul 22 13:35:01 EDT 2002
Hi all,
Let's say a user fills in his/her credit card number into a web form and
then submits the form via https to a secure server.
The user's order and credit card info are stored in a mySQL database.
Then, the owner of the site goes to a dynamic page which also lives on the
same secure server. This page lists all the orders and the credit card
numbers.
The owner then processes the credit card order by hand in hes/her shop and
deletes and marks the order as processed.
What security holes exist in this scenario?
Jim Musil
More information about the talk
mailing list