Freelancers Network
 
skill list top cap
Homepage
Join the Freelancer's Network
Update your details
Find a freelancer
Post a project
Find a project
Projects Archive
Post a job
Find a job
Jobs Archive
See Dan's Pages
See Andy's Pages
Link to this site
Resources
Join/Leave Forum
Forum Messages
+Additions+ Adverts
Advertising
Contact Us
Subscribe to our newsletter - enter your email address and hit return
Freelancers.net is owned and operated by Andy Stowell and Dan Winchester
skill list end cap
guru web hostcom

Find me again on Freelancers.net

Re: FN-FORUM Access 2000 Quickun

date posted 1st October 2002 20:24

I'm not sure that I'd want to store CC numbers on my Web server in anything
unless I had control over the server itself or at least trusted the server
admin a lot.
I'd rather leave them with a specialist provider (someone I can sue the
pants off if they get it wrong).

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Kathy
http://www.vendetta.co.uk
DNRC Minister for Useful but Irritating Information and Trivia
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

----- Original Message -----
From: "Anthony Johnston • Antix" [EMAIL REMOVED]
To: [EMAIL REMOVED]
Sent: Tuesday, October 01, 2002 6:26 PM
Subject: RE: FN-FORUM Access 2000 Quickun


> Hi Dave,
>
> Been considering using an encrypted access db with user level access
> to store credit card numbers.
>
> Plan was...
> 1. Insert Query, to add new records
> 2. Secure page for web users to insert
> 3. User with permission to run the query (like a stored proc) but not
> read the data
> 4. Admin user with permission to read the data
> 5. Password protected secure page for reading the data
>
> this way, the only password on the server would be the update user, so
> as long as access was crack proof (?) all would be safe.
>
> However, Access won't allow a user to insert without access to reading
> the data, so, well, open to suggestions.
>
> Anyway thanks to Kathy and yourself, Ant.
>
> -----Original Message-----
> From: [EMAIL REMOVED]
> [EMAIL REMOVED] Behalf Of David Nye
> Sent: 01 October 2002 17:08
> To: [EMAIL REMOVED]
> Subject: RE: FN-FORUM Access 2000 Quickun
>
>
> You need to define "secure" for me to answer that properly.
>
> User level security is quite hard to implement properly; the Access 97
> wizard did not seem to do the job properly when I tried it, so I have
> been doing it myself ever since. In fact the Access 97 documentation,
> third party books, and M$ white papers did not seem to quite tie up with
> reality either, but I have not checked more recent docs. I have not yet
> seen an application produced by someone else which does implement the
> system properly, so the few supposedly secured third party apps I have
> worked on have been very easy to "break" into.
>
> All the non-trivial Access apps I develop include some form of user
> level security setup, even if just to protect the design from fiddling
> users. I am not aware of it having failed yet. But the removal of VBA
> code from the user level scheme in Access 2000 up is a real pain in the
> butt. I hope they reverse that change soon!
>
> David Nye
> http://dnye.co.uk
> Business Systems, Database & Internet Applications Design & Development.
> Microsoft SQL Server, Access, ASP & VB Programming.
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.385 / Virus Database: 217 - Release Date: 04/09/2002
>
>
>
> ============================================================
> = Advanced web hosting solutions from Saffas. =
> = Unix, PHP, mySQL, SSL, Perl, Control Panel, 24/7 access. =
> = Why pay more for less? http://www.saffas.com =
> ============================================================
>
> Sponsor the forum for as little as £1 at:
>
> http://www.freelancers.net/cgi/sponsor.cgi?action=show
>
>
> Advertise with Freelancers.net +Additions+
>
> http://www.freelancers.net/advert.php
>
>
> Freelancers and Freelance Jobs:
> http://www.freelancers.net
>
> Forum FAQs:
> http://freelancers.netrickery.com
>
> To unsubscribe please email:
> [EMAIL REMOVED]
>
> If you have difficulties unsubscribing please email:
> [EMAIL REMOVED]
>
>
> ============================================================
> = Advanced web hosting solutions from Saffas. =
> = Unix, PHP, mySQL, SSL, Perl, Control Panel, 24/7 access. =
> = Why pay more for less? http://www.saffas.com =
> ============================================================
>
> Sponsor the forum for as little as £1 at:
>
> http://www.freelancers.net/cgi/sponsor.cgi?action=show
>
>
> Advertise with Freelancers.net +Additions+
>
> http://www.freelancers.net/advert.php
>
>
> Freelancers and Freelance Jobs:
> http://www.freelancers.net
>
> Forum FAQs:
> http://freelancers.netrickery.com
>
> To unsubscribe please email:
> [EMAIL REMOVED]
>
> If you have difficulties unsubscribing please email:
> [EMAIL REMOVED]
>

Messages by Day
October 31st 2002
October 30th 2002
October 29th 2002
October 28th 2002
October 27th 2002
October 26th 2002
October 25th 2002
October 24th 2002
October 23rd 2002
October 22nd 2002
October 21st 2002
October 20th 2002
October 19th 2002
October 18th 2002
October 17th 2002
October 16th 2002
October 15th 2002
October 14th 2002
October 13th 2002
October 12th 2002
October 11th 2002
October 10th 2002
October 9th 2002
October 8th 2002
October 7th 2002
October 6th 2002
October 5th 2002
October 4th 2002
October 3rd 2002
October 2nd 2002
October 1st 2002


Messages by Month
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002
April 2002
March 2002
February 2002
January 2002


Messages by Year
2008
2007
2006
2005
2004
2003
2002
2001
2000