DISCLAIMER: Use this advice at your own risk. If you take my advice and your cc numbers still get stolen, your fault, not mine. By continuing to read this, you agree to these terms.
Put them in a separate database, on a different server, behind a firewall, that is ONLY running MySQL and sh. Shut EVERYTHING else off, lock it down hard, remove all logins other than the ones necessary for the box's operation. Set your hosts.allow to only allow access to the box from the webserver. Then, in your PHP, retrieve them with a separate Select using a memberID or userID as the FK from the main database. Change the mysql password daily. Make sure it's different form the password to get into your main server. Is this secure? No. Does it make it harder to get the CC info? Yes. Harder is all you can hope for. Impossible is...well, impossible. :) HTH, =C= * * Cal Evans * Journeyman Programmer * Techno-Mage * http://www.calevans.com * -----Original Message----- From: Someone Somewhere [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 10, 2002 11:48 AM To: [EMAIL PROTECTED] Subject: [PHP] Secure storage of credit card information I'm working on a e commerce site and I need to store the credit card info of people who purchase stuff, on the site. How can I encrypt the credit card # put it in a dbase and decrypt it when I need to Using Php4.* and Mysql. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
