On Sun, 6 Oct 2002, David Gerler wrote:

> Date: Sun, 6 Oct 2002 14:21:11 -0400
> From: David Gerler <[EMAIL PROTECTED]>
> To: Mysql <[EMAIL PROTECTED]>
> Subject: protecting CC numbers
> 
> Hi,
>       I am working on an application that will need to store users' CC
> numbers so that they can be charged once a month and to verify
> identity. My question is: I am in process of getting an SSL, but my
> experience with SSL is nonexistent. Can someone give me an overview
> of protecting the numbers with mysql and SSL? Will the SSL protect the
> numbers when they are stored on the site? Or just when they are
> transmitted? Should I use something like PGP to encrypt the numbers
> before storing?

If you are applying SSL to your webserver (i.e., getting/generating a 
certificate), then you are protecting the information only when it is being 
sent to the webserver.  You will need to encode the information again 
when you put it into the database using a two-way key (i.e., unlike crypt 
or MySQL's PASSWORD function, which only encode it, you will need a system 
which allows access to the original, unencoded version).  In Perl there 
are several options under Crypt:  Blowfish, Twofish and 3DES are all 
secure (although the latter may be nearing the end of its life).  Please 
remember you will also need to protect the 'key' you use to encode the 
information.  On a *nix box you can generate good keys from /dev/urandom.

Luck

> 
> David Gerler
> Gerler Enterprises
> PO Box 16357
> Chesapeake VA 23328
> (757) 410-0738
> http://www.GerlerEnterprises.com/
> 
> Nationwide Dial-up from $12.45 /mo.
> http://www.EasySitesForLess.com/
> 
> 
> 
> ---------------------------------------------------------------------
> Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
> 
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
> 

Sincerely,

William Mussatto, Senior Systems Engineer
CyberStrategies, Inc
ph. 909-920-9154 ext. 27
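
As an added illustration of the reply above (not code from either poster): encrypting a card number field before it is written to the database, with the key drawn from the OS CSPRNG. It is written in Go with AES-256-GCM, a substitution for the Perl Crypt modules and ciphers named in the reply; the function names, the `user:42` row identifier and the test card number are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func NewKey() ([]byte, error) { // 256-bit key from the OS CSPRNG (/dev/urandom on Linux)
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// NewAEAD wraps the key in AES-256-GCM (assumed cipher, not one named in the thread).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField returns nonce||ciphertext||tag for a binary column; rowID is authenticated.
func EncryptField(aead cipher.AEAD, rowID, pan string) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce for every value
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, []byte(pan), []byte(rowID)), nil
}

// DecryptField rejects values that were truncated, modified or copied from another row.
func DecryptField(aead cipher.AEAD, rowID string, stored []byte) (string, error) {
	n := aead.NonceSize()
	if len(stored) < n {
		return "", fmt.Errorf("stored value too short: %d bytes", len(stored))
	}
	pt, err := aead.Open(nil, stored[:n], stored[n:], []byte(rowID))
	return string(pt), err
}

func main() {
	key, _ := NewKey()
	aead, _ := NewAEAD(key)
	stored, _ := EncryptField(aead, "user:42", "4111111111111111") // constructed test number
	fmt.Println(DecryptField(aead, "user:42", stored))
}
```

The key has to be kept outside the database (a restricted file or a secrets manager); if it sits in the same schema, a database dump carries both the ciphertext and the means to read it.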

