Best Encryption
I am totally and completely against it, but a client of mine wants his customers' CC numbers kept in a MySQL database.
I eventually came to a compromise that they would only be there for no more than 1 day, and he would take them from the DB onto a secure file on his computer. He needs them for repeated, periodic billing.
My question:
What is the best way to encrypt them in PHP? They have to be decrypted later.
I'm also looking for speed in encryption because the sequence is like this:
Shopping Cart -> Enter billing info -> Encryption saves to DB -> Linkpoint API (giving me problems too) -> Thank you page (or denied page)
On the Admin page, I have .htpasswd encryption, I'm using PHP authorization, and it will only run on 2 IP addresses unless he tells me that it is to be changed.
Sure I may seem paranoid, but if I were his customer, I would want the highest level of security possible.
Help me out if you can... quick encryption/decryption!
ROB posted this at 06:27 — 1st January 2003.
They have: 447 posts
Joined: Oct 1999
I'd suggest compiling PHP with mcrypt. Nothing is foolproof, especially two-way encryption, but it's pretty decent considering what's available (nothing).
There are other encryption algorithms available converted to PHP, though. May even be more secure to use some obscure algorithm to encode the data.
Mark Hensler posted this at 14:02 — 1st January 2003.
He has: 4,048 posts
Joined: Aug 2000
Hehe, you could do all kinds of stuff to them. You could bit shift stuff, then run mcrypt.
Something to think about: anyone who has read access to the file making the encrypted string will be able to decrypt it. Who has read access to the files?
On some hosts, I've been able to traverse the whole file system, and read nearly anything I want. Even files in another user's account. NOT GOOD! chmod 600
Mark Hensler
If there is no answer on Google, then there is no question.
nike_guy_man posted this at 16:28 — 1st January 2003.
They have: 840 posts
Joined: Sep 2000
He has suggested using PGP to encrypt then email to him... I've never used PGP before.
This way would not be saving the CCs into a DB.
How would I send to PGP? I've been rooting around PHP.net and shell_exec() seems to work
Would this way be more secure?
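
Added example, not part of the thread: the PGP suggestion in the last post and the earlier point about read access to the encrypting file both come down to keeping the decryption key off the web server. The PHP sketch below shows that pattern with libsodium sealed boxes (the sodium extension in PHP 7.2+) standing in for PGP; the helper names `seal_card()` and `open_card()` and the test card number are constructed for illustration.

```php
<?php
// Added example (not from the thread). Needs PHP 7.2+ with the sodium extension.
// Sealed boxes stand in for PGP here: same idea, the public key can only encrypt.

// Done once on the merchant's own computer, never on the web server.
$merchantKeypair = sodium_crypto_box_keypair();
// Only this half is copied to the web server.
$publicKey = sodium_crypto_box_publickey($merchantKeypair);

// Web server side: encrypt with the public key before the INSERT.
// seal_card() is a hypothetical helper name.
function seal_card(string $cardNumber, string $publicKey): string
{
    return base64_encode(sodium_crypto_box_seal($cardNumber, $publicKey));
}

// Merchant side: decrypt with the full keypair (hypothetical helper name).
function open_card(string $stored, string $keypair): string
{
    $sealed = base64_decode($stored, true);
    if ($sealed === false) {
        throw new InvalidArgumentException('stored value is not valid base64');
    }
    $plain = sodium_crypto_box_seal_open($sealed, $keypair);
    if ($plain === false) {
        throw new RuntimeException('wrong key or tampered ciphertext');
    }
    return $plain;
}

$card = '4111111111111111'; // constructed test number, not a real card
$rowA = seal_card($card, $publicKey);
$rowB = seal_card($card, $publicKey);

// Each call uses a fresh ephemeral key, so equal card numbers do not
// produce equal rows in the database.
var_dump($rowA !== $rowB);

// The merchant recovers the number offline with the full keypair.
var_dump(open_card($rowA, $merchantKeypair) === $card);

// Someone who can read every file on the web server has, at most, the
// public key. Any keypair other than the merchant's fails to open the row.
try {
    open_card($rowA, sodium_crypto_box_keypair());
} catch (RuntimeException $e) {
    echo 'decrypt failed: ', $e->getMessage(), PHP_EOL;
}
```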