Re: Security/Privacy of Certificates in Netscape 3.0
On Mon, 29 Jul 1996, Paul Meijer wrote:
>
> SSN and birthdate, among other things, are used to authenticate identity.
> This is also why we request a credit card number. We don't charge credit
> cards for services unless we state so EXPLICITLY. We indicate that our Class
> 2 Service is in beta and we state that we do not charge the applicant's
> credit card. We do check the Equifax credit database, and we use the credit
> card check to help authenticate identity.
>
But do you keep these data items (SSN, Driver's license, VISA)
permanently in some file or database system? I imagine you could just
keep them until the Equifax on-line query clears and then drop them, or at
least the VISA number part of it. I am not so concerned with sending any
of this information over SSL (or equivalent encryption) but I am concerned
with what happens to it at your site, and that you never say. How secure
are your databases? What kinds of precautions are you taking to prevent
unauthorized access to these databases? Are they available via an
unencrypted network stream for things like internal system maintenance
and development? (For example, if you use Oracle as a DBMS, then do you
have SQLNET up and running over TCP/IP and do you force all SQLNET
connections to use encryption?) Do you use reusable passwords on your
internal systems or do you use one-time systems?