Hello,

Scott Marlowe wrote:
> On Thu, Nov 6, 2008 at 2:43 PM, Michelle Konzack <linux4michelle@xxxxxxxxxxxxxxx> wrote:
>> ************************************************************************
>> * Do not Cc: me, because I READ THIS LIST, if I write here *
>> * No Cc: to me, I READ THIS LIST when I write here *
>> ************************************************************************
>
> Sorry, it's how this list works. If you don't want that, there are some options for majordomo you can set to alleviate the issue. I'm not changing how I reply to the list just for you.
>
>> Hello,
>>
>> I am coding a new OnlineStore (the existing ones do not fit my needs, are too complicated to use or simply closed source and too expensive, e.g. InterShop) with an integrated powerful ledger.
>>
>> So now it comes to info about Credit Cards, PayPal and friends...
>
> If you are storing credit card data then you must follow the PCI standards for doing so. Look them up on the web and get a copy. Failure to follow their security guidelines will result in you not being allowed to process or handle credit cards.
>
> That said, the best way to store them is to not store them. If you still have to, then use some kind of encryption using the user's password as part of the key, and don't store the user's password, only an md5 of it. Also, store the password on one machine, encrypted, do the encryption/decryption on another machine.

Try to avoid storing any card and card holder info, and you definitely shouldn't keep in the DB all the data required to authorize a transaction. Just keep in mind how dangerous this info could be in case of a security leak.

--
Andrei Kovalevski
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
Managed Services, Shared and Dedicated Hosting
Co-Authors: PL/php, ODBCng - http://www.commandprompt.com/