Re: [PHP] keeping credit card info in session



On Sunday 08 April 2007 15:26, siavash1979@xxxxxxxxx wrote:
Hi All,

I've got quite a bit of PHP experience, but I've never had to deal with
credit card info before. Now for a property rental site, I'm adding a way
for users to be able to fill out a form which also has some credit card
info in it.

After they submit the form, there are a couple of more steps and to pass
credit card info to the last page, I'm storing all the info in my session.
Now, I did go and buy an SSL certificate, so the booking section of the
site is on SSL (https). I'm just wondering if this is secure enough. As far
as I know, SSL means connection to server is secured, so session variables
should be secured too, no?

Also after I get credit card info, I'm storing them in a mysql table until
an admin would log in to the site, see new reservations, charge them
manually and contact the customer, and then that entry will be removed from
my database forever. Is this OK? Or is it a really bad idea? Originally
the plan was to send an email to the admin with credit card info, but then
I realized that emails are very insecure. So I decided to keep the info on
the SSL section of the site.

Just because I'm dealing with credit cards, I'm so afraid of doing anything
now. Any suggestions? Or perhaps any links to how to make it all more
secure?

Thanks a lot in advance,
Siavash

Just one thing: how about encrypting the DB data with base64 or anything else?
Some PGP key... Whatever...

JMO...

BTW, I liked your solution (store in DB)... I would use it...

[]s


--
Davi Vidal
davividal@xxxxxxxxxxxxxxxx
davividal@xxxxxxxxx
--

Now with fortune:
"If a nation values anything more than freedom, it will lose its freedom;
and the irony of it is that if it is comfort or money it values more, it
will lose that, too.
-- W. Somerset Maugham"
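
An added example, not part of the original thread: base64 only encodes a value, while a public-key scheme (the PGP idea mentioned in the reply) lets the web server store card data that it cannot read back. It uses PHP's libsodium sealed boxes in place of PGP; the helper names `seal_card` and `open_card` and the sample record are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Needs PHP >= 7.2 with the sodium extension.
declare(strict_types=1);

// Constructed sample record; 4111111111111111 is a well-known test number.
$card = json_encode(['pan' => '4111111111111111', 'exp' => '12/09']);

// base64 is an encoding, not encryption: no key is needed to reverse it.
echo 'base64 reversible without a key: ',
    var_export(base64_decode(base64_encode($card)) === $card, true), "\n";

// Done once on the admin's machine. Only $adminPublicKey is deployed to the
// web server; the keypair (which contains the secret key) stays with the admin.
$adminKeypair   = sodium_crypto_box_keypair();
$adminPublicKey = sodium_crypto_box_publickey($adminKeypair);

// Web server side: encrypt to the admin's public key before the INSERT.
// base64 here only makes the binary ciphertext safe for a text column.
function seal_card(string $plaintext, string $publicKey): string
{
    return base64_encode(sodium_crypto_box_seal($plaintext, $publicKey));
}

// Admin side: returns null if the value is malformed or was modified.
function open_card(string $stored, string $keypair): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false) {
        return null;
    }
    try {
        $plain = sodium_crypto_box_seal_open($raw, $keypair);
    } catch (SodiumException $e) {
        return null;
    }
    return $plain === false ? null : $plain;
}

$stored = seal_card($card, $adminPublicKey);   // value for the MySQL column
echo 'admin recovers record: ',
    var_export(open_card($stored, $adminKeypair) === $card, true), "\n";

// Flip one ciphertext byte: authenticated encryption rejects the row.
$raw = base64_decode($stored);
$raw[40] = chr(ord($raw[40]) ^ 1);
echo 'tampered row rejected: ',
    var_export(open_card(base64_encode($raw), $adminKeypair) === null, true), "\n";
```

With this layout a copy of the table alone yields only ciphertext, because the secret key is never on the web server. It does not protect the copy held in the session during the booking steps.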