liability

Doubtful but you may want to remind your employer that it only
costs maybe a thousand bucks per certificate to avoid the
potential of getting sued. You may also want to get
their request to you in writing/email and keep a copy just
in case...

Remember, a secure connection only keeps network traffic
sniffers from grabbing your data out of thin air. It does
nothing about keeping people from hacking your web server
and ultimately your database server.

Why go after a single transaction with a sniffer when you
can get thousands in a database?

--
Robbe Morris - 2004/2005 Microsoft MVP C#
Free Source Code for ADO.NET Object Mapper To DataBase Tables And Stored
Procedures
http://www.eggheadcafe.com/articles/..._generator.asp


"carion1" <dd******@gmail.com> wrote in message
news:uz**************@TK2MSFTNGP09.phx.gbl...

I don't know where else to ask this question so I will ask it here.
Legally, if my employer asks me to take in sensitive information (credit
cards, SSN, etc) on a public web site that does not use a secure
connection, am I liable in any way if that information is compromised?

--

Derek Davis
dd******@gmail.com

Very interesting question. If I was in that position, I would be concerned
about my legal liability also. I suspect that it makes a difference whether
you are a contractor, or an employee. My guess is that, for an employee, in
almost all circumstances, the company is entirely liable for any work
performed by that employee - whether they are acting on instruction, or even
acting outside instruction. The employee may be liable in a case of serious,
and deliberate, fraud.

However, don't trust my advice. There are websites which provide legal
advice. eg.

http://www.directlex.com/forums/index.php

Good luck with it, and please let us know what you find out!

Javaman
"carion1" wrote:

I don't know where else to ask this question so I will ask it here.
Legally, if my employer asks me to take in sensitive information (credit
cards, SSN, etc) on a public web site that does not use a secure connection,
am I liable in any way if that information is compromised?

--

Derek Davis
dd******@gmail.com

>> I don't know where else to ask this question so I will ask it here.

Legally, if my employer asks me to take in sensitive information (credit
cards, SSN, etc) on a public web site that does not use a secure
connection,
am I liable in any way if that information is compromised?

At the very least, you should get your objection in writing, in the form of
a memo to your employer, and maybe also a comment in the code.

The company will only be liable if it will actuly confense to instruct u
unfortunatly when the issue will rise they will claim the employee was
acting on his own and that they dont even understand about keeping data here
or there.
My small advice write an email to your boss with what u said here and ask
for his wrriten instruction on the mater
and do the best u can to keep it safe in the limit of the instruction.

"Javaman59" <Ja*******@discussions.microsoft.com> wrote in message
news:00**********************************@microsof t.com...

Very interesting question. If I was in that position, I would be concerned
about my legal liability also. I suspect that it makes a difference
whether
you are a contractor, or an employee. My guess is that, for an employee,
in
almost all circumstances, the company is entirely liable for any work
performed by that employee - whether they are acting on instruction, or
even
acting outside instruction. The employee may be liable in a case of
serious,
and deliberate, fraud.

However, don't trust my advice. There are websites which provide legal
advice. eg.

http://www.directlex.com/forums/index.php

Good luck with it, and please let us know what you find out!

Javaman
"carion1" wrote:

I don't know where else to ask this question so I will ask it here.
Legally, if my employer asks me to take in sensitive information (credit
cards, SSN, etc) on a public web site that does not use a secure
connection,
am I liable in any way if that information is compromised?

--

Derek Davis
dd******@gmail.com