A security analysis was executed on a pair of servers that I manage. In the resulting reports, some mastercard "matches" were found in the following file:
I would like to show that I am being proactive in terms of security, but:
- I think it is very unlikely that any real Mastercard information should
is in this file, considering that my application does not save
information, they have not even entered a form
- I am very detestable
delete or even move / rename this file due to a potentially harmful
Effects on the functioning of postgresql.
So, my question is, how should I satisfy the security personnel that:
- the "coincidences" of the mastercard are false positives, or;
- Have I taken the appropriate measures to mitigate possible security infractions?