-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I got messaged off list which I don't appreciate.
But, yes PHP5 only or you could replace the lines for PHP4 and on:
$keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) );
With:
if( !function_exists( mhash ) ) {
$keys[] = sha1( sha1( $array[$x] ) );
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
What I wrote there will work but I would highly recommend recompiling
PHP with the --with-mcrypt --with-mhash switches. The mcrypt libraries
can be found on sourceforge. http://libmcrypt.sourceforge.net
Jason Gerfen wrote:
I got messaged off list
On Dec 19, 2007 11:59 PM, Bastien Koert [EMAIL PROTECTED] wrote:
I take the view that I warn our customers about the dangers, and if really
concerning ask for an indemnity or a very formal request for change. I really
try to convince them of the correct path and keep any emails regarding the
On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote:
Ok I've done some research and some thinking. What about storing orders in
the database (product info and customer info) and then using GnuPG or PGP to
send the credit card info to the merchant? This way the credit card
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel Brown wrote:
On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote:
Ok I've done some research and some thinking. What about storing orders in
the database (product info and customer info) and then using GnuPG or PGP to
send the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jason Gerfen wrote:
Daniel Brown wrote:
On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote:
Ok I've done some research and some thinking. What about storing orders in
the database (product info and customer info) and then using GnuPG
@lists.php.net
Subject: Re: [PHP-DB] Credit Card Encryption Date: Wed, 19 Dec 2007 00:41:36
-0700 Ok I've done some research and some thinking. What about storing
orders in the database (product info and customer info) and then using GnuPG
or PGP to send the credit card info to the merchant? This way
On Dec 19, 2007 4:45 PM, Bastien Koert [EMAIL PROTECTED] wrote:
Nope, I still would not recommmend it. The only place the CC data should
travel to is the payment gateway. Anything else is a security risk. Why does
your client process by hand? They should be using a payment gateway.
ways to automate the various transactions and provide gateway access...
I, too, like to eat... ;-P
bastien
Date: Wed, 19 Dec 2007 17:21:57 -0500 From: [EMAIL PROTECTED] To: [EMAIL
PROTECTED] Subject: Re: [PHP-DB] Credit Card Encryption CC: [EMAIL
PROTECTED]; php-db@lists.php.net
Message-
From: Bastien Koert [mailto:[EMAIL PROTECTED]
Sent: Wed, December 19, 2007 11:02 PM
To: Daniel Brown
Cc: Keith Spiller; php-db@lists.php.net
Subject: RE: [PHP-DB] Credit Card Encryption
Dan,
Normally I would completely agree, its our job to find those
solutions. Unfortunately
to consider how to cover your ass on this.
Lawyers suck too. ;-P
bastien From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC:
php-db@lists.php.net Subject: RE: [PHP-DB] Credit Card Encryption Date: Wed,
19 Dec 2007 23:21:52 -0500 Hmm, This is kind of throwing a new twist on
things. When it comes
Keith Spiller wrote:
Hi Everyone,
I'm trying to determine the best method to store credit card numbers in
a mysql database. As yet I have been unable to determine whether I
should use MySQL AES, DES or a PHP encryption method. I would greatly
appreciate any advice you guys could offer.
: php-db@lists.php.net
Subject: Re: [PHP-DB] Credit Card Encryption
Keith Spiller wrote:
Hi Everyone,
I'm trying to determine the best method to store credit
card numbers in
a mysql database. As yet I have been unable to determine whether I
should use MySQL AES, DES or a PHP
Think very carefully about what you want to do here. PCI (payment card
industry) has radically changed the rules about how CC data is stored in a
networked environment. If your data environment is shared (shared web hosting),
don't even think about it. There are a large number of rules that
Thanks for the information, especially the PCI Complancy link and info.
Keith
- Original Message -
From: Bastien Koert
To: Keith Spiller ; php-db@lists.php.net
Sent: Tuesday, December 18, 2007 9:41 PM
Subject: RE: [PHP-DB] Credit Card Encryption
Think very carefully about
: [PHP-DB] Credit Card Encryption
Think very carefully about what you want to do here. PCI (payment card
industry) has radically changed the rules about how CC data is stored in a
networked environment. If your data environment is shared (shared web
hosting), don't even think about
16 matches
Mail list logo