Re: [PHP-DB] Credit Card Encryption

2007-12-26 Thread Jason Gerfen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I got messaged off list which I don't appreciate. But, yes PHP5 only or you could replace the lines for PHP4 and on: $keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) ); With: if( !function_exists( mhash ) ) { $keys[] = sha1( sha1( $array[$x] ) );

Re: [PHP-DB] Credit Card Encryption

2007-12-26 Thread Jason Gerfen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What I wrote there will work but I would highly recommend recompiling PHP with the --with-mcrypt --with-mhash switches. The mcrypt libraries can be found on sourceforge. http://libmcrypt.sourceforge.net Jason Gerfen wrote: I got messaged off list

Re: [PHP-DB] Credit Card Encryption

2007-12-20 Thread Daniel Brown
On Dec 19, 2007 11:59 PM, Bastien Koert [EMAIL PROTECTED] wrote: I take the view that I warn our customers about the dangers, and if really concerning ask for an indemnity or a very formal request for change. I really try to convince them of the correct path and keep any emails regarding the

Re: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Daniel Brown
On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote: Ok I've done some research and some thinking. What about storing orders in the database (product info and customer info) and then using GnuPG or PGP to send the credit card info to the merchant? This way the credit card

Re: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Jason Gerfen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Brown wrote: On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote: Ok I've done some research and some thinking. What about storing orders in the database (product info and customer info) and then using GnuPG or PGP to send the

Re: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Jason Gerfen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason Gerfen wrote: Daniel Brown wrote: On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote: Ok I've done some research and some thinking. What about storing orders in the database (product info and customer info) and then using GnuPG

RE: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Bastien Koert
@lists.php.net Subject: Re: [PHP-DB] Credit Card Encryption Date: Wed, 19 Dec 2007 00:41:36 -0700 Ok I've done some research and some thinking. What about storing orders in the database (product info and customer info) and then using GnuPG or PGP to send the credit card info to the merchant? This way

Re: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Daniel Brown
On Dec 19, 2007 4:45 PM, Bastien Koert [EMAIL PROTECTED] wrote: Nope, I still would not recommmend it. The only place the CC data should travel to is the payment gateway. Anything else is a security risk. Why does your client process by hand? They should be using a payment gateway.

RE: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Bastien Koert
ways to automate the various transactions and provide gateway access... I, too, like to eat... ;-P bastien Date: Wed, 19 Dec 2007 17:21:57 -0500 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP-DB] Credit Card Encryption CC: [EMAIL PROTECTED]; php-db@lists.php.net

RE: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Gary Wardell
Message- From: Bastien Koert [mailto:[EMAIL PROTECTED] Sent: Wed, December 19, 2007 11:02 PM To: Daniel Brown Cc: Keith Spiller; php-db@lists.php.net Subject: RE: [PHP-DB] Credit Card Encryption Dan, Normally I would completely agree, its our job to find those solutions. Unfortunately

RE: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Bastien Koert
to consider how to cover your ass on this. Lawyers suck too. ;-P bastien From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: php-db@lists.php.net Subject: RE: [PHP-DB] Credit Card Encryption Date: Wed, 19 Dec 2007 23:21:52 -0500 Hmm, This is kind of throwing a new twist on things. When it comes

Re: [PHP-DB] Credit Card Encryption

2007-12-18 Thread Chris
Keith Spiller wrote: Hi Everyone, I'm trying to determine the best method to store credit card numbers in a mysql database. As yet I have been unable to determine whether I should use MySQL AES, DES or a PHP encryption method. I would greatly appreciate any advice you guys could offer.

RE: [PHP-DB] Credit Card Encryption

2007-12-18 Thread Gary Wardell
: php-db@lists.php.net Subject: Re: [PHP-DB] Credit Card Encryption Keith Spiller wrote: Hi Everyone, I'm trying to determine the best method to store credit card numbers in a mysql database. As yet I have been unable to determine whether I should use MySQL AES, DES or a PHP

RE: [PHP-DB] Credit Card Encryption

2007-12-18 Thread Bastien Koert
Think very carefully about what you want to do here. PCI (payment card industry) has radically changed the rules about how CC data is stored in a networked environment. If your data environment is shared (shared web hosting), don't even think about it. There are a large number of rules that

Re: [PHP-DB] Credit Card Encryption

2007-12-18 Thread Keith Spiller
Thanks for the information, especially the PCI Complancy link and info. Keith - Original Message - From: Bastien Koert To: Keith Spiller ; php-db@lists.php.net Sent: Tuesday, December 18, 2007 9:41 PM Subject: RE: [PHP-DB] Credit Card Encryption Think very carefully about

Re: [PHP-DB] Credit Card Encryption

2007-12-18 Thread Keith Spiller
: [PHP-DB] Credit Card Encryption Think very carefully about what you want to do here. PCI (payment card industry) has radically changed the rules about how CC data is stored in a networked environment. If your data environment is shared (shared web hosting), don't even think about