Consider the scheme used to allow customers to submit their credit card and order information. Section 26.3.3.2 states that the enciphered version of the data is stored in a spooling area that the Web server cannot access.
a. Why is the file kept inaccessible to the Web server?
b. Because the file is inaccessible to the Web server, and no other services are available to an attacker from the Internet, the encipherment may seem unnecessary. Discuss this issue, but assume that the attacker is on the internal network.