> Well.. Isn't that the ideal.
>
> I agree in theory, however, not all clients are willing to shell for the
> Payment Processor Services if they are just starting out in e-commerce
> and don't know what kind of volume to expect.

They aren't that expensive and usually come with all of the scripts you need to implement it.

> Theory is wonderful, however, practical must preside.

Hmmm, that's funny. I would think that _security_ must preside. Maybe I run a different business than you do.

---John Holmes...

> -----Original Message-----
> From: 1LT John W. Holmes [mailto:holmes072000@charter.net]
> Sent: Wednesday, October 23, 2002 4:33 PM
> To: Ryan Jameson (USA); php-db@lists.php.net
> Subject: Re: Credit Card Info & Cryptography
>
>
> Whenever I see "easy", "encrypt", and "credit card" in the same
> sentence, it makes me worry.
>
> Don't store credit card numbers. Charge them once and don't save it
> anywhere.
>
> ---John Holmes...
>
> ----- Original Message -----
> From: "Ryan Jameson (USA)" <RJameson@usa.ibs.org>
> To: <php-db@lists.php.net>
> Sent: Wednesday, October 23, 2002 4:20 PM
> Subject: RE: Credit Card Info & Cryptography
>
>
> Since your goal is to encrypt the card number in the database you'll
> naturally need a way to decrypt it as well. At that point it seems your
> concern is that your database will be compromised. That can be avoided
> easily by creating a single private key and using your own algorithm to
> encrypt based on that key. The only catch is, if the code that does the
> encrypting is compromised, and the database is compromised, then the
> numbers are compromised. My basic point is, your need is not the same as
> what PGP addresses in that PGP addresses the more difficult problem of
> passing data between 2 entities. Your requirement is very simple to
> address; 1. write a simple compiled module with an embedded key, 2. keep
> that key in a safe place, and 3. write another module to decrypt, all it
> needs is the key. This is similar to what was done with DVDs, just don't
> allow your encryption algorithms to be compromised. You can put the
> source code in the same place as your key, you can use a code scrambler
> when you compile, and you should already have your server secure
> already. Again, my point is, this is easy because the same entity that
> encrypts is doing the decrypt. Hope this helps.
>
> <>< Ryan
>
> -----Original Message-----
> From: Doaldo Navai Junior [mailto:doaldo@triunfo-bsb.com.br]
> Sent: Wednesday, October 23, 2002 12:53 PM
> To: php-db@lists.php.net; php-general@lists.php.net
> Subject: Credit Card Info & Cryptography
>
>
> Suppose I sell some products online and get user's credit card info via
> SSL connection. Isn't there any method (free, preferably) of ASYMMETRIC
> (Public key) cryptography I can use with PHP to store this data in a db?? Or is
> there any other good option instead of this?
>
> TIA,
> Doaldo
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
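
What the original question in this thread asks for, as an added example that is not part of any poster's message: public-key encryption with PHP's OpenSSL extension, so that the web server storing the number holds only the public key and cannot decrypt what it wrote. The function names, the inline key generation and the sample number are assumptions made for the example; in practice the key pair would be generated on a separate machine.

```php
<?php
// Added example, not code from the thread. Assumption: in a real deployment the
// key pair is generated off the web server and only the public key is deployed.

// Constructed demo key pair, generated inline so the example runs stand-alone.
$pair = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($pair === false) {
    exit('key generation failed: ' . openssl_error_string() . "\n");
}
openssl_pkey_export($pair, $privatePem);              // stays off the web server
$publicPem = openssl_pkey_get_details($pair)['key'];  // deployed with the site

/** Web-server side (hypothetical helper): encrypt with the public key, RSA-OAEP. */
function encrypt_card(string $pan, string $publicPem): string
{
    if (!openssl_public_encrypt($pan, $cipher, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encrypt failed: ' . openssl_error_string());
    }
    return base64_encode($cipher); // text-safe value for a database column
}

/** Back-office side (hypothetical helper): decrypt with the private key. */
function decrypt_card(string $stored, string $privatePem): string
{
    $cipher = base64_decode($stored, true);
    if ($cipher === false ||
        !openssl_private_decrypt($cipher, $pan, $privatePem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('decrypt failed');
    }
    return $pan;
}

$pan = '4111111111111111'; // constructed test value, not a real card
$a = encrypt_card($pan, $publicPem);
$b = encrypt_card($pan, $publicPem);

// OAEP padding is randomized, so equal card numbers do not produce equal rows.
var_dump($a !== $b);
// Only the holder of the private key recovers the number.
var_dump(decrypt_card($a, $privatePem) === $pan);
// The key material present on the web server cannot decrypt the stored value.
var_dump(@openssl_private_decrypt(base64_decode($a), $out, $publicPem,
                                  OPENSSL_PKCS1_OAEP_PADDING));
```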