PHP also stores session information in temp files, so I wouldn't store credit card info in a session.
From what I have read, you shouldn't retain a credit number any longer than absolutely necessary. In addition, the full credit card info should not be stored with your regular database, it should be stored only on the machine that has to actually charge the credit card. Which shouldn't be your webserver.
On May 11, 2005, at 1:02 PM, Colin Ross wrote:
I am working on a bit of code for credit-card processing, so please keep in
mind, security of the data is essential..
On part of it i wish to use a buffer, but i wonder if that data is saved
anywhere on the running system (as a temp file, etc), or is it just held in
the system's memory?
My concern is that if an error occurs in the processing, i don't want that
buffer to remain (with possible valid Credit Card data) on the system...
Colin
p.s. As with other 'touchy' subjects like credit card processing, all valid
input is appriciated.
-- Brent Baisley Systems Architect Landover Associates, Inc. Search & Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
