And if you do store it, don't store it on the websderver.  Make sure it's on 
another server behind another firewall.

You don't want someone that hacks into your web server to have ready access to 
your database.

I think AES is supposed to be the best, then 3DES is next.  (That's 3DES, or 
triple DES, not DES)

But like Chris said: if you don't have to, dont do it.

But if you must, encrypt all of the personal information data points, not just 
the CC info.


> -----Original Message-----
> From: Chris [mailto:[EMAIL PROTECTED]
> Sent: Tue, December 18, 2007 9:30 PM
> To: Keith Spiller
> Cc:
> Subject: Re: [PHP-DB] Credit Card Encryption
> Keith Spiller wrote:
> > Hi Everyone,
> > 
> > I'm trying to determine the best method to store credit 
> card numbers in 
> > a mysql database.  As yet I have been unable to determine whether I 
> > should use MySQL AES, DES or a PHP encryption method.  I 
> would greatly 
> > appreciate any advice you guys could offer.
> Why do you need to store c/c info? If at all possible, don't.
> If you're looking for something like recurring payments, use 
> paypal or 
> one of the other payment providers that support it.
> -- 
> Postgresql & php tutorials
> -- 
> PHP Database Mailing List (
> To unsubscribe, visit:

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to