A client has asked us to make him an application that requires us to keep
credit card numbers. I'm a bit concerned as it immediately reminded me of
egghead.com (having all their CC #'s stolen).

One of the ideas was to have the user's password encrypted as an md5 hash,
and then to encrypt the user's CC with their password. So we wouldn't
actually keep anything that could immediately show credit card numbers on
the server. The problem this creates is that whenever we need to use their
credit card, the user needs to enter their password, which would be
quite inconvenient as we'd use it in many places (like showing the last 4
digits to verify it's the right card).

The only other idea was to just stick them in plain text and keep people
far away from the MySQL server.

Has anyone had any experience with this? Or any suggestions?

Thanks,
Chris
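
Added example, not part of the original post: the password-keyed scheme described above, written for Node.js, with scrypt used in place of the md5 hash and AES-256-GCM as the cipher (both are choices made here). The function names, the row layout and the clear-text `last4` field are assumptions, and the card number is a constructed test value.

```javascript
const nodeCrypto = require('node:crypto');

// Derive 32 bytes from the password with scrypt. A different salt gives an
// unrelated output, so one password can yield both a verifier and a key.
function derive(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Build the row that would be stored in the database. Nothing in it is enough
// to decrypt the card number without the user's password.
function enrollCard(password, cardNumber) {
  const authSalt = nodeCrypto.randomBytes(16);
  const keySalt = nodeCrypto.randomBytes(16); // independent of authSalt
  const iv = nodeCrypto.randomBytes(12);      // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', derive(password, keySalt), iv);
  const ciphertext = Buffer.concat([cipher.update(cardNumber, 'utf8'), cipher.final()]);
  return {
    authSalt,
    authHash: derive(password, authSalt), // login verifier, NOT the encryption key
    keySalt,
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),
    last4: cardNumber.slice(-4), // assumption: kept in clear so display needs no password
  };
}

// Login check against the stored verifier, compared in constant time.
function checkPassword(row, password) {
  return nodeCrypto.timingSafeEqual(derive(password, row.authSalt), row.authHash);
}

// Returns the card number, or null when the password (and so the key) is wrong.
function decryptCard(row, password) {
  const key = derive(password, row.keySalt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, row.iv);
  decipher.setAuthTag(row.tag);
  try {
    return Buffer.concat([decipher.update(row.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM authentication failed: wrong key or modified ciphertext
  }
}

// Constructed sample: a well-known test card number, not a real account.
const sampleRow = enrollCard('correct horse', '4111111111111111');
console.log(sampleRow.last4, checkPassword(sampleRow, 'correct horse'), decryptCard(sampleRow, 'wrong guess'));
```

If the stored password hash itself were used as the encryption key, anyone who read the database could decrypt every card; deriving the key separately from the password is what keeps it off the server.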

