RE: Credit Card Info & Cryptography

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Well.. Isn't that the ideal.

I agree in theory, however, not all clients are willing to shell for the
Payment Processor Services if they are just starting ou tin e-commerce
and don't know what kind of volume to expect.

Thery is wonderful, however, practicle must preside.

Aaron

-----Original Message-----
From: 1LT John W. Holmes [mailto:holmes072000@charter.net] 
Sent: Wednesday, October 23, 2002 4:33 PM
To: Ryan Jameson (USA); php-db@lists.php.net
Subject: Re:  Credit Card Info & Cryptography


When ever I see "easy", "encrypt", and "credit card" in the same
sentence, it makes me worry.

Don't store credit card numbers. Charge them once and don't save it
anywhere.

---John Holmes...

----- Original Message -----
From: "Ryan Jameson (USA)" <RJameson@usa.ibs.org>
To: <php-db@lists.php.net>
Sent: Wednesday, October 23, 2002 4:20 PM
Subject: RE:  Credit Card Info & Cryptography


Since your goal is to encrypt the card number in the database you'll
naturally need a way to decrypt it as well. At that point it seems your
concern is that your database will be compromised. That can be avoided
easily by creating a single private key and using your own algorithm to
encrypt based on that key. The only catch is, if the code that does the
encrypting is compromised, and the database is compromised, then the
numbers are compromised. My basic point is, your need is not the same as
what PGP addresses in that PGP addresses the more difficult problem of
passing data between 2 entities. Your requirement is very simple to
address; 1. write a simple compiled module with an embedded key, 2. keep
that key in a safe place, and 3. write another module to decrypt, all it
needs is the key. This is similar to what was done with DVDs, just don't
allow your encryption algorithms to be compromised. You can put the
source code in the same place as your key, you can use a code scrambler
when you compile, and you should already have your server secure
already. Again, my point is, this is easy because the same entity that
encrypts is doing the decrypt. Hope this helps.

<>< Ryan

-----Original Message-----
From: Doaldo Navai Junior [mailto:doaldo@triunfo-bsb.com.br]
Sent: Wednesday, October 23, 2002 12:53 PM
To: php-db@lists.php.net; php-general@lists.php.net
Subject:  Credit Card Info & Cryptography


Suppose I sell some products online and get user's credit card info via
SSL connection. Isn't there any method (free, preferably) of ASSYMETRIC
(Public
key) cryptography I can use with PHP to store this data in a db?? Or is
there any other good option instead of this?

TIA,
Doaldo



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux