I assume you use the secure protocol (HTTPS) to do all these and store credit card info on server side. What's the problem then in regard to security?
--Mohammad

On Fri, Jun 13, 2008 at 12:58 PM, Nathanael D. Noblet <[EMAIL PROTECTED]> wrote:
>
> Richtermeister wrote:
> > Hi all,
> >
> > your points are well taken, and I'm not trying to put the cc numbers
> > into a database for the very same reason..
> > I do, however, have to put it into the session as part of the checkout
> > process, before I even get to use a payment gateway (after that it'll
> > get obfuscated right away, and I only store the last 4 digits, yes..).
> > Since session files are non-encrypted,
> > and the system may at some point run on a shared server, I would like
> > to encrypt at least the number before I put it in.
> >
> > Sounds good?
>
> What is stopping them from decrypting them? If they can read the session
> files, they can read the key to decrypt as well. My suggestion would be
> to store the sessions in a DB, so they aren't readable by anyone who
> can't log in to your DB with your credentials. Though I guess they can
> read your connection file... I just wonder if there really is a way to
> store this safely...
>
> --
> Nathanael d. Noblet
> Gnat Solutions, Inc
> T: 403.875.4613