Storing CC in database through the use of public/private key technology.
Not sure if PHP has a function to handle this.
What I envision, on top of SSL: we can store CC plus expiration date in
database with great ease by encrypting the CC number with a public key.
The only way to decrypt it is through a private key. In essence, having a
hold of the database may render the thieves useless. It means that we
need to keep the private key in a very safe place ... perhaps in a smart
card.
Just a thought on how we can secure customers' data. We can rotate the public
key every so often.
Here is the list of security measures that I can think of:
1) IP logging
2) Malformed URL logging
3) https
4) Admin account last login alert
5) 15-minutes logout after 5 unsuccessful attempts
6) encrypting CC# using a public key and putting the private key somewhere
safe, like on a smart card
This is not meant to be a solution to all e-commerce security issues. The
best security is to disconnect your ethernet cable from the Internet.
That always works when you're under attack. :)
Kent Nguyen
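
The scheme from item 6, sketched in PHP with the OpenSSL extension as an added example (not part of the original message and not FreeTrade code). The function names, the row layout and the key fingerprint are assumptions made for illustration, and the key pair is generated in-process only so the script runs on its own; in the scheme described above the private key never sits on the web server.

```php
<?php
// Added illustration. Card data below is a constructed test value.

// Demo only: the key pair is generated in-process so the script runs
// stand-alone. In the scheme above only $publicPem is on the web server.
$pair = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($pair === false) {
    exit("key generation failed: " . openssl_error_string() . "\n");
}
$publicPem = openssl_pkey_get_details($pair)['key'];
openssl_pkey_export($pair, $privatePem);

// Hypothetical helper: short fingerprint stored with each row, so that after
// a key rotation it is clear which private key decrypts which record.
function key_id(string $publicPem): string
{
    return substr(hash('sha256', $publicPem), 0, 16);
}

// Web tier: needs the public key only.
function encrypt_card(string $pan, string $expiry, string $publicPem): array
{
    $plain = json_encode(['pan' => $pan, 'exp' => $expiry]);
    // OAEP padding is randomized, so equal card numbers give different blobs
    // and nobody can confirm a guessed number by re-encrypting it.
    if (!openssl_public_encrypt($plain, $cipher, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed');
    }
    return ['key_id' => key_id($publicPem), 'blob' => base64_encode($cipher)];
}

// Offline side: the only place the private key is available.
function decrypt_card(array $row, string $privatePem): array
{
    $cipher = base64_decode($row['blob'], true);
    if (!openssl_private_decrypt($cipher, $plain, $privatePem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('decryption failed');
    }
    return json_decode($plain, true);
}

$row1 = encrypt_card('4111111111111111', '12/30', $publicPem);
$row2 = encrypt_card('4111111111111111', '12/30', $publicPem);
echo "stored row:        ", json_encode($row1), "\n";
echo "same card differs: ", var_export($row1['blob'] !== $row2['blob'], true), "\n";
echo "offline decrypt:   ", json_encode(decrypt_card($row1, $privatePem)), "\n";
```

After a rotation, new rows carry the new `key_id` while older rows stay readable only with the private key they were encrypted for, so retired private keys have to be kept (offline) for as long as those rows exist.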