Hi Luis,
We have used ScottG's nsopenssl for a couple of production sites. We
are happy with it. It is reasonably secure. Also, with regard to
security, I think you should concentrate on hardening your
box. It's a little harder to break an SSL connection and sniff out the
credit card transmission than exploiting a known exploit in your box.
An intruder would likely take the latter path, then try to get
hold of the database. If you are running ACS/OpenACS 3.x then all he
needs is to get into the ec_creditcards table.
A good example is if you are running ACS which runs on Oracle. Oracle
8 has a known exploit on the listener. A successful buffer overflow
and executing a shell will make you the Oracle DBA. You now have easy
access to the ACS database.