Re: keeping credit card info in session

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Check the local legislation regarding keeping such sensitive information. Many countries do have strict requirements for handling credit card info. Your bank might help you find what the rules are.

Satyam

----- Original Message ----- From: <siavash1979@xxxxxxxxx>
To: <php-general@xxxxxxxxxxxxx>
Sent: Sunday, April 08, 2007 8:26 PM
Subject:  keeping credit card info in session



Hi All,

I've got quite a bit or php experience, but I've never had to deal with credit card info before. Now for a property rental site, I'm adding a way for users to
be able to fill out a form which also has some credit card info in it.

After they submit the form, there are a couple of more steps and to pass credit card info to the last page, I'm storing all the info in my session. Now, I did go and bought an SSL certificate, so the booking section of the site is on SSL (https). I'm just wondering if this is secure enough. as far as I know, SSL means connection to server is secured, so session variables should be secured
too. no?

Also after I get credit card info, I'm storing them in a mysql table until an admin would log in to the site, see new reservations, charge them manually and contact the customer, and then that entry will be removed from my database for ever. Is this ok? or is it a really bad idea? originally the plan was to send an email to the admin with credit card info, but then I realized that emails are very unsecure. so I decided to keep the info on the SSL section of the site.

just because I'm dealing with credit cards, I'm so afraid of doing anything now. Any suggestions? or perhaps any links to how to make it all more secure?

Thanks a lot in advance,
Siavash

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.0.0/751 - Release Date: 07/04/2007 22:57



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux