W3C home > Mailing lists > Public > www-talk@w3.org > May to June 1997

Re: security on the web

From: Reed Wade <rwade@usit.net>
Date: Mon, 12 May 1997 12:47:48 -0400 (EDT)
To: Sarra Mossoff <sarra@smallworld.com>
cc: www-talk@w3.org
Message-ID: <Pine.GSO.3.95.970512123237.4796C-100000@use.usit.net>


> It is my understanding that concerns about security on the web are much
> exaggerated.  Think of all the people who feel comfortable giving their
> credit card number over the phone -- even cordless phones.  This method of
> transmission can be intercepted by just about anyone willing to invest a
> small amount of money in the necessary technology.

> Sarra Mossoff                          171 West 85th Street


I can't entirely agree. Snooping credit card numbers going
to a web server isn't much different from snooping passwords
on a local net. It's more involved as far as picking the right
machines to break into but that's the only difference.

If the card numbers are encrypted, it cuts down the value of these 
sorts of break-ins considerably.

That said, I do agree that card numbers in the clear are
about as safe as handing some random waiter your credit
card. Rarely is this a problem.

But, since we can easily protect this information from attacks that
are reasonably likely to occur, we should. It would be 
irresponsible not to.

-reed
Received on Monday, 12 May 1997 12:48:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:22 GMT