Results 1 to 5 of 5

Thread: From an html form in https:// url save the credit card data in a mysql database table

  1. #1
    Join Date
    Oct 2004
    Posts
    425
    Thanks
    4
    Thanked 1 Time in 1 Post

    Default From an html form in https:// url save the credit card data in a mysql database table

    Can you tell me the code tricks involved in :
    From an html form in https:// url save the credit card data in a mysql database table SECURELY ? Then retreive them securely at https:// url ?
    I know all the code to store data, and retreive from DB/TABLE but I do not know the secure tricks ... for this .

  2. #2
    Join Date
    Jul 2006
    Location
    just north of Boston, MA
    Posts
    1,806
    Thanks
    13
    Thanked 72 Times in 72 Posts

    Default

    my suggestion is to NOT store sensitive information like that in a database, however if you do, I would suggest that you encrypt the data so that if the database was compromised the information stored in it wouldn't also be compromised

  3. #3
    Join Date
    Oct 2004
    Posts
    425
    Thanks
    4
    Thanked 1 Time in 1 Post

    Default

    companies accept credit card data , what do ? As I say, I know all the code to store data, and retreive from DB/TABLE but I do not know the secure tricks like encryption work , in what stage, and how to implement...? can you give some sample segments of code ?

  4. #4
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    We've had long discussions on this question.

    The end result is that you really can't store the numbers securely.

    Imagine your database as a very secure safe in your house. Imagine your house being the server.

    Sure, if they break into the safe it the encrypted data won't be readable to them, but you forget that they're already in your house, where you store the method you used to encrypt them.

    The only way that encryption works is to have the key to the encryption and the encrypted value separate. If they have both, then it's no challenge for the hacker to steal it.

    Anyway, there are a number of ways to encrypt something, but no ways to protect the data/method from the hacker if they're on the same server. (If your database is on another server it's a little more secure, but that can be accessed from the main server, so they still only need to break one. If they just broke into the database, I suppose it would stay secure.)

    Here's a conversation we had a while ago. You might find it helpful.
    http://www.dynamicdrive.com/forums/s...ad.php?t=23000
    Peter [tech_support] and I took some of those ideas and expanded on them, eventually coming up with some concepts for a possibly secure system. However, it was still incredibly difficult (we never did finish it), and only as secure as its weakest link.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  5. #5
    Join Date
    Sep 2006
    Location
    St. George, UT
    Posts
    2,769
    Thanks
    3
    Thanked 157 Times in 155 Posts

    Default

    Something else worth noting is that you need to comply with PCI regulations in order to save sensitive data like this. More info can be found here: http://www.pcicomplianceguide.org/

    Hope this helps.
    "Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." - Kristian Wilson, Nintendo, Inc, 1989
    TheUnlimitedHost | The Testing Site | Southern Utah Web Hosting and Design

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •