Well, I need to set up this eCommerce system for my cousin.
What's a secure way of storing credit card transactions? Reversible Encryption? Remote Printing? Or should I just tell him to ring the customer and ask for the details?
CSS Codes
Modarator Man.
Storing credit cards...
Well, I need to set up this eCommerce system for my cousin.
What's a secure way of storing credit card transactions? Reversible Encryption? Remote Printing? Or should I just tell him to ring the customer and ask for the details?
Peter - alotofstuffhere[dot]com - Email Me - Donate via PayPal - Got spare hardware? Donate 'em to me :) Just send me a PM.
Currently: enjoying the early holidays :)Read before posting: FAQ | What you CAN'T do with JavaScript | Form Rules | Thread Title Naming Guide
Regular Coders
If he does enough business, and makes enough money... http://merchantwarehouse.com/credit_...ard+processing
Something like that could be worth it?
The Guy That Moderates
I would recommend using a payment gateway such as Paypal, 2Checkout, etc. When messing with Credit Cards and money handling it is always better to use an outside source (in this case, a payment gateway) for it as compared to using a database and a flemsy (spelling?) server-side script.
Hope this helps.
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." - Kristian Wilson, Nintendo, Inc, 1989
TheUnlimitedHost | The Testing Site | Southern Utah Web Hosting and Design
Global Moderator
If they get the data, then they could decrypt it as by that point they would likely have your source code too. I say just make the system secure in the first place.
The only way that encryption like that would work is if you had a key to it that only he knew. If you had a password that generated a way to decrypt it, that would be helpful.
But, still, you need to store the data securely. A database is a good idea, I think, as long as it is secure.
Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
Modarator Man.
Hmm... How would I do a key encryption?
Peter - alotofstuffhere[dot]com - Email Me - Donate via PayPal - Got spare hardware? Donate 'em to me :) Just send me a PM.
Currently: enjoying the early holidays :)Read before posting: FAQ | What you CAN'T do with JavaScript | Form Rules | Thread Title Naming Guide
Global Moderator
I really have no idea.
Well, I do, but nothing that will directly help you.
1. Code it yourself.
2. Look on PHP.net, hoping for some extension that allows this. I'm not currently aware of any functions like that, though.
Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
Modarator Man.
Duh.1. Code it yourself.
Just point me where to start
Peter - alotofstuffhere[dot]com - Email Me - Donate via PayPal - Got spare hardware? Donate 'em to me :) Just send me a PM.
Currently: enjoying the early holidays :)Read before posting: FAQ | What you CAN'T do with JavaScript | Form Rules | Thread Title Naming Guide
Global Moderator
Go through each character and base it on the password.
take the md5 of the password, add the ordinal value of the characters to the md5 hash, repeating this every 32 characters. Well, then again, that's just a credit card, so no need to repeat it.
To decrypt, just do the inverse.
Or something else. Just be creative, be sure it works every time, and make sure there's no way to fake it.
It still wouldn't be entirely secure, but it would be helpful.
EDIT:
Tested, and that works.PHP Code:<?php
$pass = 'test';
$num = '1234123412341234';
function encrypt($num,$pass) {
$hash = substr(md5(md5($pass)),0,16);
for($n=0;$n<16;$n++) {
$o = $num[$n]+ord($hash[$n]);
$out[$n] = $o%10; //PHP PARSER ERROR: #37; should be %.
}
return implode('',$out);
}
function decrypt($num,$pass) {
$hash = substr(md5(md5($pass)),0,16);
for($n=0;$n<16;$n++) {
$o = $num[$n]-ord($hash[$n]);
$out[$n] = ($o%10)+10;
}
return implode('',$out);
}
echo $num."\n";
echo encrypt($num,$pass)."\n";
echo decrypt(encrypt($num,$pass),$pass);
?>
Output:
1234123412341234
3058828534429011
1234123412341234
Last edited by djr33; 07-27-2007 at 05:44 PM.
Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
Modtoreador
For very sensitive details (credit card numbers, security codes), just don't store them at all. Require that the user re-enters them for each new transaction. Most companies do this nowadays; it also provides some protection for the user if the account is compromised.
Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
Global Moderator
Sure. But you need to store them the first time, so you can actually bill the account. What would you suggest for that?
Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
Posting Permissions
Reply With Quote
Bookmarks