Re: [PHP-DB] Credit Card Encryption

2007-12-26 Thread Jason Gerfen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What I wrote there will work but I would highly recommend recompiling PHP with the --with-mcrypt --with-mhash switches. The mcrypt libraries can be found on sourceforge. http://libmcrypt.sourceforge.net Jason Gerfen wrote: > I got messaged off list wh

Re: [PHP-DB] Credit Card Encryption

2007-12-26 Thread Jason Gerfen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I got messaged off list which I don't appreciate. But, yes PHP5 only or you could replace the lines for PHP4 and on: $keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) ); With: if( !function_exists( 'mhash' ) ) { $keys[] = sha1( sha1( $array[$x] ) ); }

Re: [PHP-DB] Credit Card Encryption

2007-12-20 Thread Daniel Brown
On Dec 19, 2007 11:59 PM, Bastien Koert <[EMAIL PROTECTED]> wrote: > I take the view that I warn our customers about the dangers, and if really > concerning ask for an indemnity or a very formal request for change. I really > try to convince them of the correct path and keep any emails regarding

RE: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Bastien Koert
consider how to cover your ass on this. Lawyers suck too. ;-P bastien> From: [EMAIL PROTECTED]> To: [EMAIL PROTECTED]> CC: php-db@lists.php.net> Subject: RE: [PHP-DB] Credit Card Encryption> Date: Wed, 19 Dec 2007 23:21:52 -0500> > Hmm,> > This is kind of throwing a new t

RE: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Gary Wardell
Original Message- > From: Bastien Koert [mailto:[EMAIL PROTECTED] > Sent: Wed, December 19, 2007 11:02 PM > To: Daniel Brown > Cc: Keith Spiller; php-db@lists.php.net > Subject: RE: [PHP-DB] Credit Card Encryption > > > > Dan, > > Normally I would completely agr

RE: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Bastien Koert
ways to automate the various transactions and provide gateway access... I, too, like to eat... ;-P bastien > Date: Wed, 19 Dec 2007 17:21:57 -0500> From: [EMAIL PROTECTED]> To: [EMAIL > PROTECTED]> Subject: Re: [PHP-DB] Credit Card Encryption> CC: [EMAIL >

Re: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Daniel Brown
On Dec 19, 2007 4:45 PM, Bastien Koert <[EMAIL PROTECTED]> wrote: > > Nope, I still would not recommend it. The only place the CC data should > travel to is the payment gateway. Anything else is a security risk. Why does > your client process by hand? They should be using a payment gateway.

RE: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Bastien Koert
php-db@lists.php.net> Subject: Re: [PHP-DB] Credit Card Encryption> Date: Wed, 19 Dec 2007 00:41:36 -0700> > Ok I've done some research and some thinking. What about storing orders in > the database (product info and customer info) and then using GnuPG or PGP to > send the credit ca

Re: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Jason Gerfen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason Gerfen wrote: > Daniel Brown wrote: >> On Dec 19, 2007 2:41 AM, Keith Spiller <[EMAIL PROTECTED]> wrote: >>> Ok I've done some research and some thinking. What about storing orders in >>> the database (product info and customer info) and then us

Re: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Jason Gerfen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Brown wrote: > On Dec 19, 2007 2:41 AM, Keith Spiller <[EMAIL PROTECTED]> wrote: >> Ok I've done some research and some thinking. What about storing orders in >> the database (product info and customer info) and then using GnuPG or PGP to >> se

Re: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Daniel Brown
On Dec 19, 2007 2:41 AM, Keith Spiller <[EMAIL PROTECTED]> wrote: > Ok I've done some research and some thinking. What about storing orders in > the database (product info and customer info) and then using GnuPG or PGP to > send the credit card info to the merchant? This way the credit card > inf

Re: [PHP-DB] Credit Card Encryption

2007-12-18 Thread Keith Spiller
order id (which could even be a unique and hidden value stored via AES in the mysql db). What are your thoughts? Keith - Original Message - From: "Bastien Koert" <[EMAIL PROTECTED]> To: "Keith Spiller" <[EMAIL PROTECTED]>; Sent: Tuesday, December

Re: [PHP-DB] Credit Card Encryption

2007-12-18 Thread Keith Spiller
Thanks for the information, especially the PCI Compliancy link and info. Keith - Original Message - From: Bastien Koert To: Keith Spiller ; php-db@lists.php.net Sent: Tuesday, December 18, 2007 9:41 PM Subject: RE: [PHP-DB] Credit Card Encryption Think very carefully about

RE: [PHP-DB] Credit Card Encryption

2007-12-18 Thread Bastien Koert
Think very carefully about what you want to do here. PCI (payment card industry) has radically changed the rules about how CC data is stored in a networked environment. If your data environment is shared (shared web hosting), don't even think about it. There are a large number of rules that you

RE: [PHP-DB] Credit Card Encryption

2007-12-18 Thread Gary Wardell
, 2007 9:30 PM > To: Keith Spiller > Cc: php-db@lists.php.net > Subject: Re: [PHP-DB] Credit Card Encryption > > > Keith Spiller wrote: > > Hi Everyone, > > > > I'm trying to determine the best method to store credit > card numbers in > > a mys

Re: [PHP-DB] Credit Card Encryption

2007-12-18 Thread Chris
Keith Spiller wrote: Hi Everyone, I'm trying to determine the best method to store credit card numbers in a mysql database. As yet I have been unable to determine whether I should use MySQL AES, DES or a PHP encryption method. I would greatly appreciate any advice you guys could offer. Wh