[thelist] sensitive info and security

David Treves dwork at macam.ac.il
Sun Feb 2 05:51:01 CST 2003


Hi All,

I am working on a web site where I should retrieve credit card numbers from clients of the site and pass them to the site administrator for manually charging the client.

The site is written in PHP and the payment process is done in a secured page (128-bit SSL). I don't want to store this sensitive info in the server's database, and I think that mailing it to the admin is also unacceptable. I looked for encoding methods (algorithms such as Enigma to scramble a string using a secret keyword to decode back the original string). I am still afraid that if someone hacks the web server, he will be able to read the PHP encoding scripts. In a scenario like this all encoding methods are actually useless...

My client does not have enough transactions to justify payment to a service which will auto-charge the client.

What alternatives do you think I have in such a situation?

Thanks in advance,
David.