----- Original Message -----
From: "Chris Cameron" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, July 01, 2001 2:27 PM
Subject: Storing Credit Cards
> One of the ideas was to have the user's password encrypted as an md5 hash,
> and then to encrypt the user's CC with their password. So we wouldn't
> actually keep anything that could immediately show credit card numbers on
> the server. The problem this creates is whenever we need to use their
> credit card, the user needs to enter in their password. Which would be
> quite inconvenient as we'd use it in many places (like showing the last 4
> digits to verify it's the right card).
I think a user would much rather enter their credit card information over &
over, rather than their passwords since they can inherently understand the
need for securing their CC. Some developers I know either refuse to store CC
numbers at all or request that the client sign a waiver absolving the
developers of liability in case of a hack. The latter option may be a bit
much, but storing CC numbers overall is really not the ideal situation.
> The only other idea was to just stick them in plain text and keep people
> far away from the MySQL server.
There's no such thing as "far away" on the Internet :-). If you still want
to explore this, you could invest in something extraordinary like a
SideWinder box, depending on your client & their liability comfort level
(and budget!).
Good Luck,
Dennis
**********************************************
Beridney Computer Services
http://www.beridney.com
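
The scheme from the quoted question, as an added example that is not part of the original thread or either poster's code: the card is encrypted under a key derived from the user's password, with a salted KDF swapped in for the md5 hash. Assumptions: PHP 7.2+ with the sodium extension, hypothetical function names and record layout, and a separately stored last-four field so the card can be shown for verification without a password prompt.

```php
<?php
// Added example, not code from the thread. Function names and the record
// layout are hypothetical; requires the sodium extension (PHP 7.2+).

// The encryption key is derived from the password with its own salt, so the
// stored login hash by itself cannot decrypt the card.
function derive_key(string $password, string $salt): string
{
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
}

// Build the row to store for one user and one card.
function make_card_record(string $password, string $pan): array
{
    $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $key   = derive_key($password, $salt);
    $record = [
        // Slow salted hash for login checks (stands in for md5 in the question).
        'pw_hash' => password_hash($password, PASSWORD_DEFAULT),
        'salt'    => $salt,
        'nonce'   => $nonce,
        'pan_enc' => sodium_crypto_secretbox($pan, $nonce, $key),
        // Assumption: the last four digits are kept separately for display.
        'last4'   => substr($pan, -4),
    ];
    sodium_memzero($key);
    return $record;
}

// Returns the card number, or null when the password is wrong.
function reveal_card(array $record, string $password): ?string
{
    if (!password_verify($password, $record['pw_hash'])) {
        return null;
    }
    $key = derive_key($password, $record['salt']);
    $pan = sodium_crypto_secretbox_open($record['pan_enc'], $record['nonce'], $key);
    sodium_memzero($key);
    return $pan === false ? null : $pan;
}

// Constructed sample input: a test card number, not a real card.
$rec = make_card_record('correct horse', '4111111111111111');
echo 'Card ending ', $rec['last4'], "\n";
var_dump(reveal_card($rec, 'wrong guess'));
var_dump(reveal_card($rec, 'correct horse'));
```

With this layout a password change has to decrypt and re-encrypt the card, and a forgotten password means the card must be entered again.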