Em Domingo 08 Abril 2007 15:26, [EMAIL PROTECTED] escreveu:
> Hi All,
>
> I've got quite a bit or php experience, but I've never had to deal with
> credit card info before. Now for a property rental site, I'm adding a way
> for users to be able to fill out a form which also has some credit card
> info in it.
>
> After they submit the form, there are a couple of more steps and to pass
> credit card info to the last page, I'm storing all the info in my session.
> Now, I did go and bought an SSL certificate, so the booking section of the
> site is on SSL (https). I'm just wondering if this is secure enough. as far
> as I know, SSL means connection to server is secured, so session variables
> should be secured too. no?
>
> Also after I get credit card info, I'm storing them in a mysql table until
> an admin would log in to the site, see new reservations, charge them
> manually and contact the customer, and then that entry will be removed from
> my database for ever. Is this ok? or is it a really bad idea? originally
> the plan was to send an email to the admin with credit card info, but then
> I realized that emails are very unsecure. so I decided to keep the info on
> the SSL section of the site.
>
> just because I'm dealing with credit cards, I'm so afraid of doing anything
> now. Any suggestions? or perhaps any links to how to make it all more
> secure?
>
> Thanks a lot in advance,
> Siavash
Just one thing: how about cript the DB data with base64 or anything else?
Some PGP key... Whatever...
JMO...
BTW, I liked your solution (store in DB)... I would use it...
[]s
--
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
Agora com fortune:
"If a nation values anything more than freedom, it will lose its freedom;
and the irony of it is that if it is comfort or money it values more, it
will lose that, too.
-- W. Somerset Maugham"
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
