RE: Storing information on the server -- NEWBIE ?

Sat, 10 Jul 1999 21:58:03 -0700 

PMFJI --

I'm curious as to what folks have used to separate the SSL server from the
"isolated back end".  SCSI, RS232, other techniques?  Are there commerical
solutions available?

TIA

Harry

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Craig Southeren
Sent: Saturday, July 10, 1999 5:20 PM
To: [EMAIL PROTECTED]
Subject: RE: Storing information on the server -- NEWBIE ?


> Michael wrote:
> >
> > Credit card information should not be kept on the server.
> Send it on a
> > one-way only trip to a second machine which is no accessible via the
> > internet.
>
> How do you do that, then? (FWIW, I agree with the "one way trip" bit,
> but it seems to me that "not accessible via the Internet" is a
> contradiction - "accessible in only a very restricted way" would make
> more sense).

We have taken the approach described by Michael on our network.

The SSL server that accepts the information must obviously by connected to
the Internet. However, the information is immediately transferred to another
machine that, although it is connected to the SSL server, does not have any
direct connection to the Internet.

Storing the information on the SSL server is a Very Bad Idea (tm), as it
makes it available to anyone who can hack into SSL server. Putting it at
arms length, whilst not necessarily more secure in an absolute sense,
extends the time it will take for someone to crack the connection, which
increases the likelihood that you will catch them before they succeed.

   Regards,

      Craig Southeren

 -------------------------------------------
 Equivalence - home of FireDoor, MibMaster & PhonePatch

 Email: [EMAIL PROTECTED]
 Web:   http://www.equival.com.au
 Fax:   +61 2 4368 1395        Voice: +61 2 4368 2118
-----------------------------------------------------

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to