Check the local legislation regarding keeping such sensitive information.
Many countries do have strict requirements for handling credit card info.
Your bank might help you find what the rules are.
Satyam
----- Original Message -----
From: <siavash1979@xxxxxxxxx>
To: <php-general@xxxxxxxxxxxxx>
Sent: Sunday, April 08, 2007 8:26 PM
Subject: keeping credit card info in session
Hi All,
I've got quite a bit or php experience, but I've never had to deal with
credit
card info before. Now for a property rental site, I'm adding a way for
users to
be able to fill out a form which also has some credit card info in it.
After they submit the form, there are a couple of more steps and to pass
credit
card info to the last page, I'm storing all the info in my session. Now, I
did
go and bought an SSL certificate, so the booking section of the site is on
SSL
(https). I'm just wondering if this is secure enough. as far as I know,
SSL
means connection to server is secured, so session variables should be
secured
too. no?
Also after I get credit card info, I'm storing them in a mysql table until
an
admin would log in to the site, see new reservations, charge them manually
and
contact the customer, and then that entry will be removed from my database
for
ever. Is this ok? or is it a really bad idea? originally the plan was to
send
an email to the admin with credit card info, but then I realized that
emails
are very unsecure. so I decided to keep the info on the SSL section of the
site.
just because I'm dealing with credit cards, I'm so afraid of doing
anything
now. Any suggestions? or perhaps any links to how to make it all more
secure?
Thanks a lot in advance,
Siavash
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.0.0/751 - Release Date: 07/04/2007
22:57
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
