On Sat, May 20, 2006 10:35 am, Lawrence Kennon wrote:
--- Rory Browne [EMAIL PROTECTED] wrote:
but does support Cardservice
International.
These guys give you a PHP library that you http://php.net/include
which then provides functions you can call which you pass in the CC#
and they give you
--- Rory Browne [EMAIL PROTECTED] wrote:
It's better if, when it comes to time
to checkout, you redirect your client
to your Payment Service Provider's (PSP's)
website, your PSP processes the payment,
and redirects the client back to your
site. The PSP would then contact you
directly
snip
So let's say that I want to integrate a shopping cart
with a PSP, right up to the moment they get to the
checkout, they see my client's URL. They hit the
Checkout button and then they will see the URL of
the PSP? Then once they place the order then they are
redirected back to my client's
On 5/19/06, Lawrence Kennon [EMAIL PROTECTED] wrote:
For an ecommerce site where sensitive data is stored
either in files, or in a database, have you used some
form of encryption to protect your customer's data?
I have a client who currently uses a Perl scripted
shopping cart that stores
For an ecommerce site where sensitive data is stored
either in files, or in a database, have you used some
form of encryption to protect your customer's data?
I have a client who currently uses a Perl scripted
shopping cart that stores orders (including credit
card numbers) in plain
Re: Encryption Advice
First off, thanks to the folks who replied with
advice. I am mulling over your advice (and I greatly
appreciate it!). I have been doing PHP programming for
a couple years, including secure sites, but this is my
first ecommerce venture, so I am trying to learn as
much as I
Lawrence Kennon wrote:
I use a directive to tell gpg to not warn me about
using insecure memory but since no private keys
reside on this host I think I can safely ignore that
(they can't steal what is not there).
But your unencrypted data is there, so someone could possibly snoop
that from
--- Koen Martens [EMAIL PROTECTED] wrote:
But your unencrypted data is there, so someone could
possibly snoop
that from the insecure memory.
This is true.
I am going to ask the hosting company to setuid gpg as
root. That should solve one problem (from gpg docs):
This is necessary to lock
On Fri, May 19, 2006 8:54 am, Lawrence Kennon wrote:
For an ecommerce site where sensitive data is stored
either in files, or in a database, have you used some
form of encryption to protect your customer's data?
I have a client who currently uses a Perl scripted
shopping cart that stores
On Fri, May 19, 2006 1:36 pm, Lawrence Kennon wrote:
In regards to GNU Privacy Guard (gpg), I did actually
manage to get that to work in the hosting environment
(without the help of the hosting support folks! :). I
use a directive to tell gpg to not warn me about
using insecure memory but
On Fri, May 19, 2006 3:00 pm, Lawrence Kennon wrote:
But just out of curiosity, let's assume you are
running a shopping cart which takes credit cards and
passes them on to whomever approves them and you don't
_ever_ write this info to files. Aren't you also
vulnerable to someone being able
snip lots of good stuff
Are there any employees who have access to this PC? What sort of
background checks have you run on every employee?
Do you REALLY want to run the risk of having to DESTROY your
reputation with all your customers?
/snip
Not only all that, but suppose one of your
DO NOT STORE CREDIT CARD NUMBERS!!!
Period!!!
If your PHP script can access them, then they are too accessible to
the Bad Guys.
Ditto
Even if nothing else, someone could modify your code to email them the CC
Numbers.
It's better if, when it comes to time to checkout, you redirect your