CC saving is a bad idea on a web-facing server... much better to let the user
re-input the data each time. If your network allows it, store the data
encrypted (using PHP's mcrypt/decrypt extension) on a separate, extremely
limited-access, non-web-facing (i.e. internal) DB/server that only allows
inserts from the web-facing server. Hacking and the liability of being hacked
is something to take very seriously. Also look into PCI & regulatory
compliance with regard to storing CC data on a server to be aware of any
laws that can govern how you do this.
Passwords: again use mcrypt
Bastien
From: Peter Beckman <beckman@xxxxxxxxxxxxx>
To: PHP-DB Mailing List <php-db@xxxxxxxxxxxxx>
Subject: Storing Credit Cards, Passwords, Securely, two-way encryption
Date: Thu, 5 Jan 2006 20:27:57 -0500 (EST)
So I'm thinking about how to save credit card numbers in the DB, for
re-charging cards for subscriptions, new orders, etc.
I'm also thinking about how to save passwords in the DB, not plaintext, but
not one-way encrypted either.
Any suggestions? How would I secure the database? I'm thinking some
abstract process in code, or something -- security through obscurity.
Beckman
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman@xxxxxxxxxxxxx http://www.purplecow.com/
---------------------------------------------------------------------------
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
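The "only allows inserts from the web-facing server" arrangement suggested in the reply, sketched as an added example that is not part of the original thread. It assumes MySQL; the database, table, account names, the address 10.0.0.5 and the passwords are all placeholders.

```sql
-- Run as an administrator on the internal (non-web-facing) database server.
-- Every name, address and password below is a placeholder (assumption).

CREATE DATABASE IF NOT EXISTS card_vault;

CREATE TABLE card_vault.stored_card (
    id          BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    customer_id BIGINT UNSIGNED NOT NULL,
    -- Ciphertext produced by the application before the INSERT;
    -- the plain card number never reaches this table.
    card_cipher VARBINARY(512)  NOT NULL,
    created_at  TIMESTAMP       NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB;

-- Weak setting, shown for contrast: the web-facing account could read
-- every stored row back from any host.
-- GRANT ALL PRIVILEGES ON card_vault.* TO 'web'@'%';

-- Corrected setting: an account that can only INSERT, and only when it
-- connects from the web server's address.
CREATE USER 'web_insert'@'10.0.0.5' IDENTIFIED BY 'REPLACE_ME_1';
GRANT INSERT ON card_vault.stored_card TO 'web_insert'@'10.0.0.5';

-- Hypothetical internal account for the job that re-charges cards.
-- It runs on the database host itself and is the only reader.
CREATE USER 'billing'@'localhost' IDENTIFIED BY 'REPLACE_ME_2';
GRANT SELECT ON card_vault.stored_card TO 'billing'@'localhost';

-- Check what the web-facing account actually holds. Only USAGE and the
-- single INSERT grant should be listed.
SHOW GRANTS FOR 'web_insert'@'10.0.0.5';

-- Connected as web_insert, this succeeds:
--   INSERT INTO card_vault.stored_card (customer_id, card_cipher)
--   VALUES (42, ?);   -- bound parameter carrying the ciphertext
-- and this is refused with a "SELECT command denied" error:
--   SELECT card_cipher FROM card_vault.stored_card;
```

With these grants, a compromise of the web-facing server yields the ability to add rows but not to read the stored ciphertext back.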