Ok I've done some research and some thinking. What about storing orders in
the database (product info and customer info) and then using GnuPG or PGP to
send the credit card info to the merchant? This way the credit card
information is not stored on the server or in the database but only in
pr
Thanks for the information, especially the PCI Complancy link and info.
Keith
- Original Message -
From: Bastien Koert
To: Keith Spiller ; php-db@lists.php.net
Sent: Tuesday, December 18, 2007 9:41 PM
Subject: RE: [PHP-DB] Credit Card Encryption
Think very carefully about
Think very carefully about what you want to do here. PCI (payment card
industry) has radically changed the rules about how CC data is stored in a
networked environment. If your data environment is shared (shared web hosting),
don't even think about it. There are a large number of rules that you
And if you do store it, don't store it on the websderver. Make sure it's on
another server behind another firewall.
You don't want someone that hacks into your web server to have ready access to
your database.
I think AES is supposed to be the best, then 3DES is next. (That's 3DES, or
triple
Keith Spiller wrote:
Hi Everyone,
I'm trying to determine the best method to store credit card numbers in
a mysql database. As yet I have been unable to determine whether I
should use MySQL AES, DES or a PHP encryption method. I would greatly
appreciate any advice you guys could offer.
Wh
Hi Everyone,
I'm trying to determine the best method to store credit card numbers in a
mysql database. As yet I have been unable to determine whether I should use
MySQL AES, DES or a PHP encryption method. I would greatly appreciate any
advice you guys could offer.
Thanks.
Keith
--
PHP
i have this on top of my php page:
header("Content-Type: application/vnd.ms-excel");
header("Content-Disposition: inline; filename=excelfile.xls");
but it is not prompt to save the file instead it opens right in IE.
my question is how do i force the browser prompts to save the file?
That sh
