|
-
Jan 21st, 2005, 02:34 PM
#1
store credit cards for customers
I need to store credit card info for customers, but obviously I want it to be secure.
I don't really want to store them in my SQL Server, as if it was ever compromised that would be a big problem. If I encrypted the values in the DB, I would need the code to decrypt them in the webpage, and the website and sql server sit on the same machine, so an attack could give a hacker both items they would need to get the card numbers...
what I was thinking, was to store the credit card numbers in cookies on the customers local machine, but encrypt them using the password for their account (which is stored in my SQL Server)
so when they log in, the key would be available to decrypt the cookie and have the valid card number....
If that is not secure enough, I was thinking about doing that with half the card number, and the second half be stored in the database, and they would be put together at transaction time..
what do you guys think?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|