On Wednesday 25 July 2001 17:53, Elvis wrote:
> You can always degrade the credit card.
>
> 1) verify AUTH ONLY (not capture) with your CC provider. (if you want to
> verify they have funds available and the CC is valid)
> 2) store the CC # in the database
> 3) ..do your order processing thing or whatever you need to have the CC
> for...
> 4) capture funds
> 5) degrade card value in the DB
>
> That seems to work well for non recurring credit card transactions (ie
> single purchases)

One problem with this is that the CC number is still in the clear in the log
files from step 2 above. If you have a full log for auditing purposes or
debugging, an update log for backups, or a binary log for replication, the CC
number will be in cleartext in that log.

You need to do any encryption in your app to make this safer. That isn't
perfect either. If someone gets root on your machine (assuming it is a Linux
machine), then they'll be able to read the memory in which your application is
running and might be able to see the CC number in that memory before it is
encrypted. However, if you have that problem, this may be the least of your
worries.

Best,
Kyle
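
An audit check for the problem described in the reply above, as an added example that is not part of the original thread: it scans statement-log text for card numbers left in the clear (runs of 13 to 19 digits that pass the Luhn checksum) and reports them masked. The log lines are constructed in the style of a MySQL query log, the card numbers are public test numbers, and masking to the last four digits is an assumed reading of "degrade".

```python
import re

# Constructed sample lines in the style of a MySQL query log.
# The card numbers are well-known public test numbers, not real accounts.
SAMPLE_LOG = """\
010725 17:40:01  12 Query  INSERT INTO orders (id, cc_num) VALUES (1001, '4111111111111111')
010725 17:40:02  12 Query  SELECT id FROM orders WHERE id = 1234567890123456
010725 17:41:10  13 Query  INSERT INTO orders (id, cc_num) VALUES (1002, '5500-0000-0000-0004')
010725 17:45:30  12 Query  UPDATE orders SET cc_num = 'XXXXXXXXXXXX1111' WHERE id = 1001
"""

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep only the last four digits (assumed meaning of 'degrade')."""
    return "X" * (len(digits) - 4) + digits[-4:]

def scan_log(text):
    """Return (line number, masked number) for each cleartext card number."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):  # drops order ids and other long numbers
                findings.append((lineno, mask(digits)))
    return findings

if __name__ == "__main__":
    for lineno, masked in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: cleartext card number {masked}")
```

The same scan applies to the text form of an update log or a decoded binary log; the report itself prints only masked values so it does not become another cleartext copy.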