Re: [PHP] storing cc details in mysql
Really quick answer: 1. consider storing them OFF the server as soon as possible... having minimal (if any) numbers stored on the live (net connected server) will: a) make the server a less desireable hack b) result in less risk in case of a hack c) be more responsible to your customers 2. install the mcrypt library, do a heap of reading about how to store keys etc etc and encrypt anything that you store 3. yes, use SSL, but as you are aware, this only encrypts the data during transit from the user to the server... you need to consider a) how the numbers are stored b) where they are stored c) how the #'s are transferred from the server to you (SSL or encrypt again!) Cheers, J on 05/11/02 2:37 AM, adrian [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: > Hi, > I know this is an old chestnut and i am going thru archives > and googling as well. > anyhoo, my small company recently decided that live cc processing was too > expensive for our needs (this has to do with us being based in ireland where > there is a problem with the banks -they only deal with one irish company to > process and its too expensive for us - don't really know the details but thats > what i was told). > so we're going to store the cc numbers and process manually(we're a small > company at present so we're not talking 1000's of numbers just yet). > i'd appreciate anyones experience or advice regarding storing in a mysql db - > articles etc.. > i also have the option of using postgres (haven't used it before) if anyone > thinks i should. > as a side note - i notice that phpshop stores cc numbers in mysql.any thoughs > on that - i.e. is it a good example of how it should be done. > > many thanx, > adrian murphy > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing cc details in mysql
There are AES_Encrypt/Decrypt and DES_Encrypt/Decrypt functions in MySQL. Quote from Manual: AES_ENCRYPT() and AES_DECRYPT() were added in version 4.0.2, and can be considered the most cryptographically secure encryption functions currently available in MySQL. http://www.mysql.com/doc/en/Miscellaneous_functions.html You can also compile PHP with different encryption modules and use those. ---John Holmes... - Original Message - From: "adrian [EMAIL PROTECTED]" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 04, 2002 11:37 AM Subject: [PHP] storing cc details in mysql Hi, I know this is an old chestnut and i am going thru archives and googling as well. anyhoo, my small company recently decided that live cc processing was too expensive for our needs (this has to do with us being based in ireland where there is a problem with the banks -they only deal with one irish company to process and its too expensive for us - don't really know the details but thats what i was told). so we're going to store the cc numbers and process manually(we're a small company at present so we're not talking 1000's of numbers just yet). i'd appreciate anyones experience or advice regarding storing in a mysql db - articles etc.. i also have the option of using postgres (haven't used it before) if anyone thinks i should. as a side note - i notice that phpshop stores cc numbers in mysql.any thoughs on that - i.e. is it a good example of how it should be done. many thanx, adrian murphy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] storing cc details in mysql
Rule no. 1 => Never save the cc-numbers in an online database. Regards, Sumarlidi E. Dadason SED - Graphic Design _ Tel: 896-0376, 461-5501 E-mail: [EMAIL PROTECTED] website: www.sed.is -Original Message- From: adrian [EMAIL PROTECTED] [mailto:adrian.murphy@;2020tourism.com] Sent: 4. nóvember 2002 16:41 To: adrian [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [PHP] storing cc details in mysql Sorry forgot to say we do have a secure server. - Original Message - From: "adrian [EMAIL PROTECTED]" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 04, 2002 4:37 PM Subject: [PHP] storing cc details in mysql Hi, I know this is an old chestnut and i am going thru archives and googling as well. anyhoo, my small company recently decided that live cc processing was too expensive for our needs (this has to do with us being based in ireland where there is a problem with the banks -they only deal with one irish company to process and its too expensive for us - don't really know the details but thats what i was told). so we're going to store the cc numbers and process manually(we're a small company at present so we're not talking 1000's of numbers just yet). i'd appreciate anyones experience or advice regarding storing in a mysql db - articles etc.. i also have the option of using postgres (haven't used it before) if anyone thinks i should. as a side note - i notice that phpshop stores cc numbers in mysql.any thoughs on that - i.e. is it a good example of how it should be done. many thanx, adrian murphy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing cc details in mysql
Sorry forgot to say we do have a secure server. - Original Message - From: "adrian [EMAIL PROTECTED]" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 04, 2002 4:37 PM Subject: [PHP] storing cc details in mysql Hi, I know this is an old chestnut and i am going thru archives and googling as well. anyhoo, my small company recently decided that live cc processing was too expensive for our needs (this has to do with us being based in ireland where there is a problem with the banks -they only deal with one irish company to process and its too expensive for us - don't really know the details but thats what i was told). so we're going to store the cc numbers and process manually(we're a small company at present so we're not talking 1000's of numbers just yet). i'd appreciate anyones experience or advice regarding storing in a mysql db - articles etc.. i also have the option of using postgres (haven't used it before) if anyone thinks i should. as a side note - i notice that phpshop stores cc numbers in mysql.any thoughs on that - i.e. is it a good example of how it should be done. many thanx, adrian murphy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php