Credit card security and AJAX
Posted on June 20, 2006, 5:15 pm

I've been thinking a lot lately about how to make it as difficult as
possible for someone to intercept credit cards on an e-commerce site.
If a server is root exploited, and it's the hacker's intent to collect
as much information as possible without the knowledge of the site owner,
there's an obvious way to do it.

1) Locate the script that processes the credit cards and simply alter it
to email yourself the sensitive data.

This could be combatted by encoding the script with Zend or somesuch so
that a hacker can't edit it. S/he could make a new script, but not
without any competent webmaster noticing. However, here's a new technique:

2) <input type='text' name='CreditCardNumber'

Using this technique, a purely static HTML site could be hacked. I
can't think of a good way around this, and if it were done, it could sit
there for ages before someone noticed. What do you all think? Am I