Lawrence D'Oliveiro <[EMAIL PROTECTED]> writes:
> > lower. Just last week a police employee in my class told us of an
> > exploit where a major credit card company's web site had been hacked
> > using a SQL injection vulnerability. This is usually done with the
> > intent of gaining access to credit card data.
>
> If they can do that, it doesn't seem much of a step to compromise the code
> that decrypts the credit card data, as well. Keeping it encrypted, when the
> key needs to be kept at the same (in)security level, is just
> security-through-obscurity.

Keys in such sites are supposed to be kept more secure than the stuff in the db.
--
http://mail.python.org/mailman/listinfo/python-list