Just a thought, but I'd strongly advise you against storing this kind  
of information unless you/your company has the kind of legal backing  
and security infrastructure to support protecting such critical  
information. I know this doesn't answer your question, but the reality  
is there is not going to be a good solution for this problem as it  
is a sort of "chicken and egg" problem. Even if you use the most  
sophisticated public/private key encryption, compromising the server  
would spell disaster. (After all, the software can read it, no?)

Large companies like PayPal and the like have invested millions in  
security and indeed, when people buy online they expect this sort of  
security. Protect your customers and you will protect your business....

Just my 2-cents.

Best,
JLS

On Jun 13, 2008, at 12:08 PM, Mohammad Ali Safari wrote:

> I assume you use the secure protocol (HTTPS) to do all these and  
> store credit card info on server side. What's the problem then in  
> regard to security?
>
> --Mohammad
>
> On Fri, Jun 13, 2008 at 12:58 PM, Nathanael D. Noblet <[EMAIL PROTECTED]> wrote:
>
> Richtermeister wrote:
> > Hi all,
> >
> > your points are well taken, and I'm not trying to put the cc numbers
> > into a database for the very same reason..
> > I do, however, have to put it into the session as part of the checkout
> > process, before I even get to use a payment gateway (after that it'll
> > get obfuscated right away, and I only store the last 4 digits, yes..).
> > Since session files are non-encrypted,
> > and the system may at some point run on a shared server, I would like
> > to encrypt at least the number before I put it in.
> >
> > Sounds good?
>
> What is stopping them from decrypting them? If they can read the session
> files, they can read the key to decrypt as well. My suggestion would be
> to store the sessions in a DB, so they aren't readable by anyone who
> can't login to your DB with your credentials. Though I guess they can
> read your connection file... I just wonder if there really is a way to
> store this safely...
>
> --
> Nathanael d. Noblet
> Gnat Solutions, Inc
> T: 403.875.4613