
Vittorio Bertocci, Garrett Serack, Caleb Baker

"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities"


In a supreme effort of optimism, we can again assume that, in
addition to all the supposition we have imposed so far, we managed
to close our transaction successfully and securely. And yet,
we are still not safe.
Our data are normally stored somewhere, sometimes for profile
purposes, more often for allowing batch transactions later.
When you buy something online, your card does not usually get
charged immediately. The merchant must perform follow-up
operations, and those require the credit card number.

Once the information reaches a website, its safety is in the hands of the website itself.

The longer information stays in a place, the bigger the window of opportunity for attacking it.

26 The Problem
It could happen that another customer, visiting the merchant
website after us, tries an attack to retrieve sensitive data
about past transactions. One of the most commonly known
attacks is called SQL injection. During a transaction, the merchant
website collects customer information by prompting the
user with forms. After those forms have been filled, the software
behind the website connects to a database, inserts the newly
acquired data, and runs comparisons with the existing records.
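
The comparison step described above is where the weakness lives when the form value is pasted into the query text. The following is an added example, not code from the book: the orders table, its columns, the function names and the sample rows are all constructed for illustration, and SQLite stands in for the merchant's database.

```python
import sqlite3

def make_db():
    # Constructed sample data: two past orders in a hypothetical merchant table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (name TEXT, card_number TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)", [
        ("Alice", "4111-0000-0000-0001"),
        ("Bob", "4111-0000-0000-0002"),
    ])
    return db

def lookup_concatenated(db, name):
    # Weak: the form value becomes part of the SQL text itself,
    # so a quote character in it can rewrite the WHERE clause.
    sql = "SELECT name, card_number FROM orders WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    # Hardened: the form value travels as a bound parameter and is
    # only ever compared as data, never parsed as SQL.
    sql = "SELECT name, card_number FROM orders WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def compare(db, form_value):
    # Returns (rows from the weak lookup or "error", rows from the bound lookup).
    try:
        weak = len(lookup_concatenated(db, form_value))
    except sqlite3.Error:
        weak = "error"  # the form value broke the statement's syntax
    return weak, len(lookup_bound(db, form_value))

if __name__ == "__main__":
    db = make_db()
    # An ordinary value, a benign value containing a quote, and a value
    # whose quote turns the comparison into an always-true condition.
    for value in ("Alice", "O'Brien", "x' OR '1'='1"):
        print(repr(value), compare(db, value))
```

With the concatenated query, the third value returns every stored order and even the harmless "O'Brien" breaks the statement; the bound query treats all three as plain names.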

