Cryptic Writing

**TheGoldenShogun** · May 7th, 2003, 12:25 PM

ok I understand how the whole crypt function works with the salt. For a password I could store it encrypted in my DB using the crypt($password, $salt) command and just gcome up with an process to develop the salt. My question is how do I get an encrypted string from my database (say a credit card) and actually decrypt it so that I can use the cc numbers? and do any of you store credit cards in a system... if so, how do you do it?

**CornedBee** · May 8th, 2003, 05:24 AM

crypt is a one-way encryption. You must use a different way to secure credit-card numbers. (How about choosing a strong password for the database and storing the numbers plain?)

**phpman** · May 8th, 2003, 10:42 AM

never store credit card numbers in a db. have it sent to you or keep them else where.

**TheGoldenShogun** · May 8th, 2003, 01:42 PM

yeah i dont know about keeping it in the in the same db with plain numbers. I'm almost thinking that creating my own algorithm to encrypt and decrypt it would be the best way but I would need to store that function on the server anyways. Does mysql have any special functionality for something like this or should it all be done on the php side?

**CornedBee** · May 9th, 2003, 01:28 AM

Your algorithm doesn't matter. As long as there is no password or something that the user must enter to decrypt you have no security, only obscurity, which only motivates crackers.

Therefore I don't see the difference between plain numbers and a useless "encryption".

**TheGoldenShogun** · May 9th, 2003, 08:53 AM

well i'm talking about having a good password on the database. I thought that was a given that everybody has a secure password on their database. But I'm looking beyond that to having encryption of some type on the data in the password protected database.

Thread: Cryptic Writing

Thread Tools

Display

Cryptic Writing

Posting Permissions