Re: keeping credit card info in session

On Sunday 08 April 2007 15:26, siavash1979@xxxxxxxxx wrote:
> Hi All,
>
> I've got quite a bit of PHP experience, but I've never had to deal with
> credit card info before. Now for a property rental site, I'm adding a way
> for users to be able to fill out a form which also has some credit card
> info in it.
>
> After they submit the form, there are a couple of more steps and to pass
> credit card info to the last page, I'm storing all the info in my session.
> Now, I did go and buy an SSL certificate, so the booking section of the
> site is on SSL (https). I'm just wondering if this is secure enough. As far
> as I know, SSL means connection to server is secured, so session variables
> should be secured too. No?
>
> Also after I get credit card info, I'm storing them in a mysql table until
> an admin would log in to the site, see new reservations, charge them
> manually and contact the customer, and then that entry will be removed from
> my database forever. Is this OK? Or is it a really bad idea? Originally
> the plan was to send an email to the admin with credit card info, but then
> I realized that emails are very insecure. So I decided to keep the info on
> the SSL section of the site.
>
> Just because I'm dealing with credit cards, I'm so afraid of doing anything
> now. Any suggestions? Or perhaps any links to how to make it all more
> secure?
>
> Thanks a lot in advance,
> Siavash

Just one thing: how about encrypting the DB data with base64 or anything else?
Some PGP key... Whatever...

JMO...

BTW, I liked your solution (store in DB)... I would use it...

[]s


-- 
Davi Vidal
davividal@xxxxxxxxxxxxxxxx
davividal@xxxxxxxxx
--

Now with fortune:
"If a nation values anything more than freedom, it will lose its freedom;
and the irony of it is that if it is comfort or money it values more, it
will lose that, too.
		-- W. Somerset Maugham"

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
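
Base64 and a public-key scheme, both mentioned in the reply above, behave very differently for the stored card column. This is an added example, not part of the original thread: it uses PHP's libsodium sealed boxes (PHP 7.2+) in place of PGP, and the function names, the test card number and the inline key generation are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Added example; helper names are hypothetical, the card number is a test value.

// base64 is an encoding: anyone who can read the row reverses it, no key needed.
function encodeCardBase64(string $pan): string
{
    return base64_encode($pan);
}

// Sealed box: the web server holds only the admin's PUBLIC key, so it can write
// ciphertext to MySQL but cannot read it back. The outer base64 here is only a
// transport encoding so the binary ciphertext fits a text column.
function sealCard(string $pan, string $adminPublicKey): string
{
    return base64_encode(sodium_crypto_box_seal($pan, $adminPublicKey));
}

// Runs on the admin's side, where the private half of the keypair lives.
function openCard(string $stored, string $adminKeypair): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false) {
        throw new RuntimeException('stored value is not valid base64');
    }
    $pan = sodium_crypto_box_seal_open($raw, $adminKeypair);
    if ($pan === false) {
        throw new RuntimeException('wrong key or tampered ciphertext');
    }
    return $pan;
}

$testPan = '4111111111111111';                  // constructed test number, not a real card
$adminKeypair = sodium_crypto_box_keypair();    // assumption: generated off the web server
$adminPublicKey = sodium_crypto_box_publickey($adminKeypair);

$weak = encodeCardBase64($testPan);
echo "base64 column:      $weak\n";
echo "decoded with no key: ", base64_decode($weak), "\n";

$stored = sealCard($testPan, $adminPublicKey);
echo "sealed column:      $stored\n";
echo "admin decrypts:     ", openCard($stored, $adminKeypair), "\n";

// Without the admin's private key the stored row does not open.
try {
    openCard($stored, sodium_crypto_box_keypair());
} catch (RuntimeException $e) {
    echo "other keypair:      ", $e->getMessage(), "\n";
}
```

Each call to `sealCard` produces a different ciphertext for the same input, so equal card numbers are not visible as equal rows in the table.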

