Users - sensitive information security

Posted by BJ Freeman on
URL: http://ofbiz.116.s1.nabble.com/Users-Security-API-What-am-I-missing-tp139327p139332.html

Subtitle: CC security revisited.
In summary, the security of CC info has been discussed.
It covered the encryption of the information, as well as the security
authentication provided by OFBiz.

As long as the CC info is encrypted one way, there is not much concern.
However, there is a need for getting the CC info back in readable form in
some cases. This creates a possible security hole.

The application I have in mind is where the gateway service is sent the
partyID and only it can read the CC info.

So if the OS is breached through its own security hole and admin or
superuser is gained, or if someone is using the PC that OFBiz runs on for
Internet and gets a Trojan, then the complete DB and application can be
retrieved.

To further create security, I have put the DB on a private
network that only the server can see.

Does anyone with a twisted mind (meant in humor) see a way that this
could be compromised?
 