Really quick answer:
1. consider storing them OFF the server as soon as possible... having
minimal (if any) numbers stored on the live (net connected server) will:
a) make the server a less desireable hack
b) result in less risk in case of a hack
c) be more responsible to your customers
2. install the mcrypt library, do a heap of reading about how to store keys
etc etc and encrypt anything that you store
3. yes, use SSL, but as you are aware, this only encrypts the data during
transit from the user to the server... you need to consider
a) how the numbers are stored
b) where they are stored
c) how the #'s are transferred from the server to you (SSL or encrypt
on 05/11/02 2:37 AM, adrian [EMAIL PROTECTED]
([EMAIL PROTECTED]) wrote:
> I know this is an old chestnut and i am going thru archives
> and googling as well.
> anyhoo, my small company recently decided that live cc processing was too
> expensive for our needs (this has to do with us being based in ireland where
> there is a problem with the banks -they only deal with one irish company to
> process and its too expensive for us - don't really know the details but thats
> what i was told).
> so we're going to store the cc numbers and process manually(we're a small
> company at present so we're not talking 1000's of numbers just yet).
> i'd appreciate anyones experience or advice regarding storing in a mysql db -
> articles etc..
> i also have the option of using postgres (haven't used it before) if anyone
> thinks i should.
> as a side note - i notice that phpshop stores cc numbers in mysql.any thoughs
> on that - i.e. is it a good example of how it should be done.
> many thanx,
> adrian murphy
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php