[thelist] Storing Credit Card Info on a Server Securely, How?

Chris Blessing webguy at mail.rit.edu
Wed Mar 6 08:48:04 CST 2002


Instead of using a file to store the information, why not look into a
database?  You can encrypt the card numbers on the server side (as they go
into the db) after accepting the form post over an SSL connection, then
decrypt them on retrieval and send them back to the client (if your
application provides for this) over the SSL connection as well.  While it's
not completely fool-proof (your method of encryption will most likely be the
"weakest link" here) it is relatively secure as long as the web server/db
server is secure as well.

Check out this article on how to use PHP's encryption functions to get the
job done:

http://www.onlamp.com/pub/a/php/2001/07/26/encrypt.html

Chris Blessing
webguy at mail.rit.edu
http://www.330i.net

> I want to accept credit cards via a form in an Apache/PHP environment.
> Obviously, I want to be able to ensure that the credit card information is
> stored securely.  I imagine that I need to secure the form post, encrypt the
> data and write it to a file on the server, retrieve it, and unencrypt it.
> Would that work, and if so how can I do it?
>
> Thanks,
> Josh
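
The encrypt-on-insert, decrypt-on-retrieval flow described in the reply above, as an added example that is not part of the original thread and does not use the functions from the linked article: it uses PHP's OpenSSL extension with AES-256-GCM, holds the key outside the database, and binds each ciphertext to its customer id. The table, column and customer names, the key handling and the test card number are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. Requires PHP 7.1+ with openssl and pdo_sqlite.
// Table, column and customer names are hypothetical.

function encrypt_pan(string $pan, string $key, string $aad): string
{
    $nonce = random_bytes(12); // fresh 96-bit nonce for every record
    $ct = openssl_encrypt($pan, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct); // nonce(12) | tag(16) | ciphertext
}

function decrypt_pan(string $blob, string $key, string $aad): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) <= 28) {
        throw new RuntimeException('malformed record');
    }
    $pan = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16), $aad);
    if ($pan === false) { // wrong key, altered bytes, or record moved to another row
        throw new RuntimeException('record failed authentication');
    }
    return $pan;
}

// Constructed demo key. In deployment the 32-byte key is loaded from a location
// outside the database and web root, so a database dump alone does not expose cards.
$key = random_bytes(32);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cards (customer TEXT PRIMARY KEY, last4 TEXT, pan_enc TEXT)');

$pan = '4111111111111111'; // constructed test number, not a real card
$ins = $db->prepare('INSERT INTO cards (customer, last4, pan_enc) VALUES (?, ?, ?)');
$ins->execute(['cust-1001', substr($pan, -4), encrypt_pan($pan, $key, 'cust-1001')]);

$row = $db->query("SELECT * FROM cards WHERE customer = 'cust-1001'")->fetch(PDO::FETCH_ASSOC);
echo decrypt_pan($row['pan_enc'], $key, $row['customer']), "\n";

try {
    decrypt_pan($row['pan_enc'], $key, 'cust-2002'); // ciphertext copied to another customer
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```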



