[Info-vax] VSI has released 9.2-1
Arne Vajhøj
arne at vajhoej.dk
Wed Jul 5 21:25:07 EDT 2023
On 7/5/2023 8:30 PM, Dave Froble wrote:
> Back when we were storing customer credit card information, we broke
> the number into 2 parts, and stored each part on two different databases
> on two different systems. Thus, any hacker would not get total CC data
> unless he know our design. Also stored the exp data and pin in
> different locations. If someone knew the design, then the data was
> still at risk. But much harder.
If the same application has access to both databases, then
I would say that the risk that if hackers (and that include
insiders) got access one then they got access to both is
pretty high. And the problem of having to figure out where
the different pieces are stored is not a hard problem
compared to various encryption schemes.
Arne
More information about the Info-vax
mailing list