On Fri, 6 Jan 2006, Dan Baker wrote:
"Peter Beckman" <beckman@xxxxxxxxxxxxx> wrote in message
news:20060105202254.X8551@xxxxxxxxxxxxxxxxxxxx
So I'm thinking about how to save credit card numbers in the DB, for
re-charging cards for subscriptions, new orders, etc.
I'm also thinking about how to save passwords in the DB, not plaintext,
but
not one-way encrypted either.
Any suggestions? How would I secure the database? I'm thinking some
abstract process in code, or something -- security through obscurity.
[Summary: Call Verisign, pay THEM to store credit cards for you]
What, exactly, does VeriSign do, that makes you so sure that they have
secured the credit card information any better than I could, using a
well-thought-out system? Do you even know? You just hear "VeriSign" and
believe they have smart people that have more resources available to them
to do a better job securing the data?
Maybe this makes sense if you are doing a few hundred or a few thousand
dollars of business a month, but if you are planning on doing $5,000 to
$10,000 a day, it is a lot of added expense to have someone else do it,
when I could have it done internally. It is the how.
Please, no more replies saying don't do it.
Beckman
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman@xxxxxxxxxxxxx http://www.purplecow.com/
---------------------------------------------------------------------------
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
