On 30 Jun 2009, at 11:00, CarSign wrote:

I am needing to store sensitive data like a Social Security Number in our database that will be used by our web application.

Should the data be encrypted by PHP before it is passed to MySQL, OR should it be encrypted by MySQL, OR should I encrypt in both places so that it is double encrypted?


OR you could forget trying to do it yourself and rent a PCI-compliant data store. Authorize.net had a Customer Information Management offering that is PCI-compliant. Ask MGeary, as he has worked with it quite extensively.

_______________________________________________

UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
