PHP has some encryption mechanisms in it - but by that time you've
sent the data to the server. The other respondents are correct
though - you should be using an SSL connection to encrypt the data
between the user and your server.
On a site that I do I use SSL to keep the data secure between the
user and the server - but the server is in another state. So I have
the server encrypt the data (using PGP) and send it on to my computer
- where I decrypt it.
If you cannot manage an SSL connection for whatever reason then
having the information encrypted locally might work in theory (though
Vigenere isn't as uncrackable as the writer of that article thinks -
nor do they know how to spell the name - it wouldn't be worth the
effort to steal one cc number). HOWEVER - the 'key phrase' that
will encrypt the user data is the SAME one that you would use to
decrypt it - and it would have to be right there on the page unless
each customer were to pick their own key phrase and phone you with
it! This "two-way" encryption used to be the standard - but it
requires that the sender and the recipient have the same key.
Public key encryption ('one-way') like PGP allows two separate keys
for encryption and decryption, neither of which can be derived from
the other. The encryption key is made public, but the decryption key
is kept secret.
Nelson
>I use a PHP self-validating form for taking orders off my site. (on submit
>it calls itself and if there are no errors a send variable is set and it
>emails me the information, etc - standard stuff).
>
>I'd like to start taking CC orders and would like to encode the information
>using javascript
>http://javascript.internet.com/passwords/virgenere-encryption.html. I'll
>use a hidden value as a codephrase to encode the CC number, then when I
>receive the order I can go to a secure page on the site to decrypt it.
>
>The question is - how do I call a javascript function from my PHP code? I
>want to do the encoding just before I email the form variables. ie -
>
>if ($send == "yes"){
> do javascript encoding of cc number
> $mail (information to me)
> echo ("Your Order has been sent")
> }
>
>Thanks for any help,
>Dean
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
===========================================================
Nelson Goforth Lighting for Moving Pictures
phone: 01.303.322.5042 pager: 01.303.634.9733
resume: http://www.earthnet.net/~ngoforth/film
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
