Jason, You are of course correct in your statement that running the database on a separate server does not solve the problem. I contend that it is a problem that cannot be solved. The best we can hope for is to make it so difficult that all but the most persistent give up. Move the CC info onto it's own, isolated server, is one step in that direction.
I did not mention it but you are again correct, some type of encryption is called for as well. Pick you flavor but by all means, encrypt the info. I would caution against using the users password as the key though because if the user changes his/her password, it may leave the cc numbers mangled for life. Something a bit more permanent like their login (which is usually not changeable), their memberID or possibly a random number generated and stored in the database with the users record but never returned to the browser. My advise was not meant to assist in preventing someone from using malicious web code to access the information. I was trying to help with physical security of the data by adding an additional layer of security on top of anything done in code. Securing the data separately from everything else does have the advantage of not compromising very sensitive data if the rest of the data is compromised. My $0.2 worth, again, not arguing with you...:) =C= * * Cal Evans * Journeyman Programmer * Techno-Mage * http://www.calevans.com * -----Original Message----- From: SHEETS,JASON (Non-HP-Boise,ex1) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 10, 2002 12:07 PM To: 'Someone Somewhere'; [EMAIL PROTECTED] Subject: RE: [PHP] Secure storage of credit card information Storing credit card numbers is dangerous, look at the mcrypt functions like previously mentioned. I would encrypt the user's credit card number with a key based on their account password this gives you the ability to not store the encryption key on the webserver. You should mangle it, encrypt it with a temp key, etc. I would mangle their password someway to make it a more secure password, don't trust a user to pick a safe or secure password. Make sure you store the users password as an md5 hash so that if your machine is compromised the bad guys can't easily get your users passwords. Just running the database server on an isolated machine does not solve the problem of keeping the data secure, neither does running a firewall between the two, obviously your web server needs access to the database, that in itself will enable a "bad guy" to access your database once he has access to your web server because the firewall allows access from your webserver to the database server, speed of connection to the database server doesn't really matter, how long does it take to transfer 16 characters?, if you are not using encryption or store the key on your web server he has full access to all of your credit card numbers. Secure both your webserver and your database server and the host os they run on (I would NOT use Windows), run tripwire or another similar program to monitor your PHP scripts, if someone were to hack your machine they could modify your PHP code to email them your users passwords, also conduct all transactions accross at least 128 bit SSL. Do NOT store the credit card number or login password unencrypted in a session, sessions are plain text by default and someone with access to your machine can read the session files or access your database and read the information. Make sure you really need to store credit cards, one bug and some script kiddie has your credit card information. Jason -----Original Message----- From: Someone Somewhere [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 10, 2002 10:48 AM To: [EMAIL PROTECTED] Subject: [PHP] Secure storage of credit card information I'm working on a e commerce site and I need to store the credit card info of people who purchase stuff, on the site. How can I encrypt the credit card # put it in a dbase and decrypt it when I need to Using Php4.* and Mysql. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
