To extend on Dragon's comments, the personal information should not even be stored on any server that is accessible from the web.
I'm working on a credit card processing site for work. We added in TWO new Domino servers, each in its own Domino domain, and only one of them is accessible via HTTP in our DMZ; the second is on the internal network only, has no HTTP, etc.
The two servers are cross-certified, and when the user enters credit card and personal data, the data is captured via an agent and moved to the storage database on the other server.