Credit Card authorization from FC3

Brian Fahrlander brian at fahrlander.net
Wed Mar 2 14:05:14 UTC 2005


On Wed, 2005-03-02 at 08:24 -0500, AragonX wrote:

> I guess now would be a good time to talk about security.  If I understand
> correctly, you are suggesting that a person could walk up to one of your
> icafe machines, put their credit card in and then start surfing (or
> whatever).  Is that correct?

    That's right; and the CC info would be stored in ram, not on disk.

> There is no way of getting around having some sort of central clearing
> house or network share.  You can't just use any credit card that might
> show up.  So you have to keep an account list.  This list would need to
> include some or all of the credit card information for verification.
> 
> This is what I would do:

[Long, solid discourse on secure processing, snipped]

    Wow; that wouldn't be very enjoyable for the customers, either- when
their time is nearing expiration I need to invent a new infrastructure
to alert them, pause the session while they go get change (involving the
otherwise busy restaurant personnel, introducing human error, etc) and
then they come sit down at their session again.  Each time they run over
their time.

    I don't see what's so insecure about the system; another server
does, in fact maintain a list of cards and their user-ids, reached by a
secure channel in a highly secure NOC. The numbers/etc are never written
down anyplace locally, just used for the authentication process and
tossed.

    There should be no way a previous user's credit card information
_exists_ on the local machine, so as to be revealed.  Sure, they can
peek and poke into memory (if they were root) and eventually find it, or
remnants of it, but with 1/2G of ram, that's a lot to search....and it'd
be gone in seconds.

    The aim of the idea was to avoid the classic get-up-and-pay and
require-local-assistance problems the other packages have.  I understand
the danger of exposed CC info; I didn't have to work at CheckPoint or
Bank of America to learn that.  :>

    But I seriously appreciate the conversation on all this; you seem to
be ahead of the game in this area.  Do you handle this kinda info for
your dayjob?

-- 
------------------------------------------------------------------------
Brian Fahrländer                 Christian, Conservative, and Technomad
Evansville, IN                                http://www.fahrlander.net 
ICQ: 5119262                                          AIM: WheelDweller
------------------------------------------------------------------------
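
An added example, not part of the message above or of any code from the thread: one way a kiosk client could hold a card number only in RAM and discard it after authorization, as the message describes. The `card_slot` type and all function names are hypothetical; it assumes Linux/POSIX `mlock` and `setrlimit`, which keep the buffer out of swap and out of core dumps.

```c
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>

#define PAN_MAX 32

/* Hypothetical holder for one card number (not from the thread). */
struct card_slot {
    char pan[PAN_MAX];
    int  locked;              /* 1 if mlock() pinned the slot in RAM */
};

/* Forbid core dumps so a crash cannot write process memory to disk. */
int no_core_dumps(void) {
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Pin the slot (keeps it out of swap), then copy the card number in. */
int slot_load(struct card_slot *s, const char *pan) {
    size_t n = strlen(pan);
    if (n == 0 || n >= PAN_MAX) return -1;
    int pinned = (mlock(s, sizeof *s) == 0);
    wipe(s, sizeof *s);
    memcpy(s->pan, pan, n);
    s->locked = pinned;
    return 0;
}

/* Discard the number once authorization has been attempted. */
void slot_wipe(struct card_slot *s) {
    int pinned = s->locked;
    wipe(s, sizeof *s);
    if (pinned) munlock(s, sizeof *s);
}

/* Returns 1 when every byte of the slot is zero. */
int slot_is_clear(const struct card_slot *s) {
    const unsigned char *p = (const unsigned char *)s;
    for (size_t i = 0; i < sizeof *s; i++) if (p[i]) return 0;
    return 1;
}
```

If `mlock` fails (for example because of `RLIMIT_MEMLOCK`), `locked` stays 0 and the caller can decide whether to refuse the card rather than risk the page being swapped out.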