Well, the one that holds the credit cards. What company do you work for?
----- Original Message -----
From: "Luis" <[EMAIL PROTECTED]>
To: "Derick Dorner" <[EMAIL PROTECTED]>; "Chris Cameron" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Sunday, July 01, 2001 3:51 PM
Subject: Re: Storing Credit Cards


> For what company do you work, if you don't mind me asking?
>
>
>
> ----- Original Message -----
> From: "Derick Dorner" <[EMAIL PROTECTED]>
> To: "Chris Cameron" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Sunday, July 01, 2001 3:23 PM
> Subject: Re: Storing Credit Cards
>
>
> > I am running a website where users enter a credit card # (we have several
> > hundred thousand users and this works fine) and they are stored in the
> > database, and their membership is renewed monthly. I keep the credit card
> > #'s in a separate database with strict permissions, and ALL data is
> > encrypted using MySQL's function so it's fast, and the salt to encrypt them
> > is stored in a binary file readable only by that server and select admins
> > ...never had a problem. If I wanted to make it more secure I am doing
> > this... I am writing a separate compiled C program to enter the database and
> > do the membership renewals, rather than PHP, and this way the salt used to
> > decode the credit card info is NEVER in plaintext on the server, and that
> > program won't run on another server... so no matter how bad we are hacked, it
> > is very difficult to get the information from us. This seems to be a good and
> > fast method.
> >
> > ----- Original Message -----
> > From: "Chris Cameron" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Sunday, July 01, 2001 4:27 PM
> > Subject: Storing Credit Cards
> >
> >
> > > A client has asked us to make him an application that requires us to keep
> > > Credit Card Numbers. I'm a bit concerned as it immediately reminded me of
> > > egghead.com (having all their CC #'s stolen).
> > >
> > > One of the ideas was to have the user's password encrypted as an md5 hash,
> > > and then to encrypt the user's CC with their password. So we wouldn't
> > > actually keep anything that could immediately show credit card numbers on
> > > the server. The problem this creates is whenever we need to use their
> > > credit card, the user needs to enter in their password. Which would be
> > > quite inconvenient as we'd use it in many places (like showing the last 4
> > > digits to verify it's the right card).
> > >
> > > The only other idea was to just stick them in plain text and keep people
> > > far away from the MySQL server.
> > >
> > > Has anyone had any experience with this? Or any suggestions?
> > >
> > > Thanks,
> > > Chris
> > >
> > >
> > > ---------------------------------------------------------------------
> > > Before posting, please check:
> > >    http://www.mysql.com/manual.php   (the manual)
> > >    http://lists.mysql.com/           (the list archive)
> > >
> > > To request this thread, e-mail <[EMAIL PROTECTED]>
> > > To unsubscribe, e-mail <[EMAIL PROTECTED]>
> > > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
> > >
> >
> >
>
>



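Added example, not part of the original thread or any poster's code: one way to lay out the design discussed above in MySQL, keeping the last 4 digits in their own column so display never needs the key, with the full number AES-encrypted under a key the application supplies from outside the database. Table, column and account names and the key value are assumptions constructed for illustration; it assumes MySQL 5.6.17 or later (block_encryption_mode, RANDOM_BYTES) and that the two accounts already exist.

```sql
-- Constructed schema for illustration; all names here are assumptions.
CREATE TABLE member_card (
    member_id INT UNSIGNED  NOT NULL PRIMARY KEY,
    last4     CHAR(4)       NOT NULL,  -- displayed to the user; needs no key
    pan_iv    BINARY(16)    NOT NULL,  -- random IV, unique per row
    pan_enc   VARBINARY(48) NOT NULL   -- AES-256-CBC ciphertext of the full number
);

-- The web front end can read only the masked-display columns.
GRANT SELECT (member_id, last4) ON member_card TO 'web_app'@'localhost';
-- The renewal job is the only account that can read the ciphertext.
GRANT SELECT (member_id, pan_iv, pan_enc) ON member_card TO 'renewal_job'@'localhost';

-- AES_ENCRYPT defaults to aes-128-ecb, which takes no IV and leaks
-- equal plaintext blocks; select a CBC mode for the session instead.
SET SESSION block_encryption_mode = 'aes-256-cbc';

-- Constructed placeholder key. In practice the application reads the
-- 32-byte key from its protected key file and binds it as a statement
-- parameter; it is never stored in the database.
SET @card_key = UNHEX(REPEAT('00', 32));
SET @pan      = '4111111111111111';   -- widely used test card number
SET @iv       = RANDOM_BYTES(16);

-- Write path: split off last4 in the clear, encrypt the full number.
INSERT INTO member_card (member_id, last4, pan_iv, pan_enc)
VALUES (1, RIGHT(@pan, 4), @iv, AES_ENCRYPT(@pan, @card_key, @iv));

-- Display path (web_app): "is this the right card?" without any key.
SELECT member_id, CONCAT('************', last4) AS masked_card
FROM member_card
WHERE member_id = 1;

-- Renewal path (renewal_job): the only place the key is presented.
SELECT member_id,
       CAST(AES_DECRYPT(pan_enc, @card_key, pan_iv) AS CHAR) AS pan
FROM member_card
WHERE member_id = 1;
```

Arguments to AES_ENCRYPT and AES_DECRYPT travel in cleartext unless the connection uses TLS, and they appear in any MySQL logs the statement is written to, so the key is exposed wherever those statements are logged.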