Sorry, the Credit Card number comes from a web form, that is, from the
   network connection.  The rest of the argument is irrelevant because of this.
   
   A PHP compromise can cull future CC# entries, but not past ones.
   So, the system with MLS is forward secure.


why do i need MLS?  the web server log file can be writeable
but not readable by the web server user, given standard unix
permission model.  what does MLS provide?