The only way i see to accomplish that is to use public key encryption.
for example:
- retrieve credit card id
- encrypt it with the administrator public key
- when the administrator need to do a report he can give the secret key or the password of it (if it is stored on the server)
- you can then decrypt the card id with the private key
This way your encryption key does not reside on the server (in the code) and you can have really strong encryption.
Look at the OpenSSL PHP extension, it could help.
Eric
At 17:41 25/11/2003, Herhuth, Ron wrote:
I have a situation where users will be entering their credit card number then the number will be stored in the MicroSoft SQLdatabase. I already have SSL in place but what I would like to do is to encrypt the number in the database to help my CIO sleep at night. We have constructed a report to get retrieve the stored information that is locked down hard using IP address validation and several other IIS security methods...but I will need to have the credit card number decrypted in this report.
Can anyone point me to a method to encrypt the Credit card number on insertion into the database, and then decryption when reporting? I have MCrypt installed and functioning correctly on my server, I just can't find any simple tutorials on how to do this.
Thanks, Ron
-- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
