Home > Archive > PHP DB > December 2007 > Re: [PHP-DB] Credit Card Encryption
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Re: [PHP-DB] Credit Card Encryption
|
|
| Chris 2007-12-18, 10:00 pm |
| Keith Spiller wrote:
> Hi Everyone,
>
> I'm trying to determine the best method to store credit card numbers in
> a mysql database. As yet I have been unable to determine whether I
> should use MySQL AES, DES or a PHP encryption method. I would greatly
> appreciate any advice you guys could offer.
Why do you need to store c/c info? If at all possible, don't.
If you're looking for something like recurring payments, use paypal or
one of the other payment providers that support it.
--
Postgresql & php tutorials
http://www.designmagick.com/
| |
| Gary Wardell 2007-12-19, 3:59 am |
| And if you do store it, don't store it on the websderver. Make sure it's on another server behind another firewall.
You don't want someone that hacks into your web server to have ready access to your database.
I think AES is supposed to be the best, then 3DES is next. (That's 3DES, or triple DES, not DES)
But like Chris said: if you don't have to, dont do it.
But if you must, encrypt all of the personal information data points, not just the CC info.
Gary
> -----Original Message-----
> From: Chris [mailto:dmagick@gmail.com]
> Sent: Tue, December 18, 2007 9:30 PM
> To: Keith Spiller
> Cc: php-db@lists.php.net
> Subject: Re: [PHP-DB] Credit Card Encryption
>
>
> Keith Spiller wrote:
> card numbers in
> would greatly
>
> Why do you need to store c/c info? If at all possible, don't.
>
> If you're looking for something like recurring payments, use
> paypal or
> one of the other payment providers that support it.
>
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
|
|
|
|
|