Comersus Version: 7095
Database type: Access
Frequency: Permanent issue
Shouldn't the utility file that does the decryption of CC numbers be on an SSL server, too?
It seems to me that, if it is not, then the encrypted string and the decrypted CC number are vulnerable during transmission.
If so, are there any special configuration issues for putting the BackOffice, or subsets of it, on SSL?
Or, am I getting too paranoid?