Hi,

I'm using Miva 4. I noticed that customers credit card numbers are stored in a local file ( orders.dbt ). This is a serious security issue. I don't want to store sensitive data locally to avoid them being stolen. So:

1. Is it possible not to store credit card numbers to a local file?

2. Or is is possible store them on a remote secure server? Does Miva provide this kind of service?

Thanks in advance!

Tom

If your host is storing any of your dbf files inside the web/html type directory (browsable) - then your host has your site misconfigured. The mivadata directory should also be outside this directory. Also MM4 has the ability to encrypt the credit card data - you can activate it but make sure you don't lose your Passphrase.

First though you need to confirm the location of your data directory.

should also be outside this directory

Should read:

should always be outside this directory