Re: Patterns for security
From: carion1 (ddavis76_at_gmail.com)
Date: 09/16/05
- Previous message: steven_at_sbcanada.com: "nightmare with ADAM ldap and roleprovider"
- In reply to: STom: "Re: Patterns for security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 15 Sep 2005 19:11:05 -0500
If the back end is SQL Server just use SSL. I am sure BizTalk would support
an SSL connection. Got me on the main frames.
-- Derek Davis ddavis76@gmail.com "STom" <stombiztalker@hotmail.com> wrote in message news:%23PN7k6asFHA.2072@TK2MSFTNGP14.phx.gbl... > Yes, this is a web app that will pass the request through the DMZ, through > a firewall to the app server. I believe at this point we may be using > BizTalk, which really doesn't have much to do with it I guess. > > The problem still remains, keeping the CC info encrypted all the way > through. > > You say there are standard practices for doing this. Thats what I'm > looking for. Any links you could provide? > > Thanks. > > STom > <rounner@yahoo.com> wrote in message > news:1125875972.665194.5200@g47g2000cwa.googlegroups.com... >> You're writing a web app that needs credit card info? >> There are standard practices for handling this, and the security >> considerations are known and discussed and you can risk mitigate. For >> example you may arrange to have SSL certificates sent to your clients >> to secure the transaction (look up mutual SSL authentication and check >> phishing/ pharming too). If you have millions of clients then this may >> be deemed too logistically difficult. >> When you say a clients confidential data will not be stored securely on >> the mainframe... you might want to reconsider. >> > >
- Previous message: steven_at_sbcanada.com: "nightmare with ADAM ldap and roleprovider"
- In reply to: STom: "Re: Patterns for security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
