Errata for Architecting for Scale

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Version: Other Digital Version
Location: 4th para I think

Found on preview (I don't own the book...yet, am perusing) in "Dividing into Services" section:

"Company organization, culture, and the type of application can play a major roll in determining service boundaries."

In that sentence, "roll" should be "role".

Submitted by: Chris Stromberger
Date submitted: Mar 23, 2016

Version: Other Digital Version
Location: 6/guideline 2, Example 6-2

Example 6-2 states, "In Example 6-1, the credit card numbers themselves can be stored in one service. The secondary information necessary to use those credit cards (such as billing address, or CCV code) could be stored in a second service."

Storing CVV codes (the correct acronym is CVV, for Card Validation Value) is a violation of PCI Security Standards, and would leave the application owner liable for any fraudulent charges resulting from a security breach, as documented in
https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf
which states "Never store the card-validation code or value (three- or four-digit number printed on the front or back of a payment card used to validate card-not-present transactions)."

Describing a prohibited use case that would yield significant liability seems a very poor example of separating data toward the goal of enhancing security.

Thanks,

-Tom Jones

Submitted by: Tom Jones
Date submitted: Feb 15, 2016