|
|
|
|
|
|
by nmcfarl
4713 days ago
|
|
|
The last system I worked on that actually stored it’s own CCs (Lately it’s been all tokens, all the time, for me) did roughly this with the added, fun, feature no SSH or remote shells on the backend box. You sent messages to add or charge our client’s credit cards from the front end - on the ultra-simple protocol, to the 1 (!) open network service on the backend. And that’s all the input it took from the network. If something more complex was needed someone with much higher permissions than I went to the server room and typed into the terminal. Which really minimized attack surface. |
|
|