+---------- On Sep 7, Jerry Asher said: | Do I basically have it or is there a better way to do this?
Talk to the payment processor from the PK, not the WS. That way, a decrypted CC# only exists on the WS when the user first enters it. It's immediately encrypted and stored in the DB. It never again appears in decrypted form on the WS. The PK needn't be accessible from the Internet, needn't run the same OS, needn't have a web server, etc. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
