On Sat, May 20, 2006 10:35 am, Lawrence Kennon wrote:
> --- Rory Browne <[EMAIL PROTECTED]> wrote:
> but does support Cardservice
> International.
These guys give you a PHP library that you http://php.net/include
which then provides functions you can call which you pass in the CC#
and they give yo
So let's say that I want to integrate a shopping cart
with a PSP, right up to the moment they get to the
checkout, they see my client's URL. They hit the
"Checkout" button and then they will see the URL of
the PSP? Then once they place the order then they are
redirected back to my client's site a
--- Rory Browne <[EMAIL PROTECTED]> wrote:
> It's better if, when it comes to time
> to checkout, you redirect your client
> to your Payment Service Provider's (PSP's)
> website, your PSP processes the payment,
> and redirects the client back to your
> site. The PSP would then contact you
> di
DO NOT STORE CREDIT CARD NUMBERS!!!
Period!!!
If your PHP script can access them, then they are too accessible to
the Bad Guys.
Ditto
Even if nothing else, someone could modify your code to email them the CC
Numbers.
It's better if, when it comes to time to checkout, you redirect your client
> Are there any employees who have access to this PC? What sort of
> background checks have you run on every employee?
>
> Do you REALLY want to run the risk of having to DESTROY your
> reputation with all your customers?
>
Not only all that, but suppose one of your customers has his CC info
On Fri, May 19, 2006 3:00 pm, Lawrence Kennon wrote:
> But just out of curiosity, let's assume you are
> running a shopping cart which takes credit cards and
> passes them on to whomever approves them and you don't
> _ever_ write this info to files. Aren't you also
> vulnerable to someone being ab
On Fri, May 19, 2006 1:36 pm, Lawrence Kennon wrote:
> In regards to GNU Privacy Guard (gpg), I did actually
> manage to get that to work in the hosting environment
> (without the help of the hosting support folks! :). I
> use a directive to tell gpg to not warn me about
> "using insecure memory" b
On Fri, May 19, 2006 8:54 am, Lawrence Kennon wrote:
> For an ecommerce site where sensitive data is stored
> either in files, or in a database, have you used some
> form of encryption to protect your customer's data?
>
> I have a client who currently uses a Perl scripted
> shopping cart that store
> --- Koen Martens <[EMAIL PROTECTED]> wrote:
>
> > But your unencrypted data is there, so someone could
> > possibly snoop
> > that from the insecure memory.
>
> This is true.
>
> I am going to ask the hosting company to setuid gpg as
> root. That should solve one problem (from gpg docs):
>
>
--- Koen Martens <[EMAIL PROTECTED]> wrote:
> But your unencrypted data is there, so someone could
> possibly snoop
> that from the insecure memory.
This is true.
I am going to ask the hosting company to setuid gpg as
root. That should solve one problem (from gpg docs):
"This is necessary to l
Lawrence Kennon wrote:
> I use a directive to tell gpg to not warn me about
> "using insecure memory" but since no private keys
> reside on this host I think I can safely ignore that
> (they can't steal what is not there).
But your unencrypted data is there, so someone could possibly snoop
that fr
Re: Encryption Advice
First off, thanks to the folks who replied with
advice. I am mulling over your advice (and I greatly
appreciate it!). I have been doing PHP programming for
a couple years, including secure sites, but this is my
first ecommerce venture, so I am trying to learn as
much as I can
>
> For an ecommerce site where sensitive data is stored
> either in files, or in a database, have you used some
> form of encryption to protect your customer's data?
>
> I have a client who currently uses a Perl scripted
> shopping cart that stores orders (including credit
> card numbers) in pl
On 5/19/06, Lawrence Kennon <[EMAIL PROTECTED]> wrote:
For an ecommerce site where sensitive data is stored
either in files, or in a database, have you used some
form of encryption to protect your customer's data?
I have a client who currently uses a Perl scripted
shopping cart that stores orde