PHP Script encoding -- is it essential?

[keats]

Hi

I am doing credit card number encyption in my code(functions.php) .anyway i should make it secured from crackers. plz suggest me an apt way to make my application secured...

I thought if this code can be encoded..but it should be compiled at runtime.
This file shouldnot be viewed by outsiders.

plz help..


keats

[john tindell]

Firstly make sure the information is being sent over SSL. To make your script secure you need to verify and process any information that is being sent from the user to make sure that it is not being sent as an Injection attack Depending on how your going to use the creditcard infromation you should get mopre infromation fmor the bank. I know that Paypal has lots of documentry about how the information is to be stored and processed to enabled the best security for the user.

The PHP code will be unavalible to anyone else so compiling or encoding the source would be an unnessesary step.

[keats]

Thank u john...

[visualAd]

Don't forget that the people viewing your page cannot see the PHP code, all that reaches the user is the output as a result of executing the code. Unless some kind of error causes the code to be dumped as text. However, you can limit the information in these files by including sensative code from other files.

Services like Paypal provide API's which enable you to take payment online without ever seeing your customers credit card details. Many other merchant services alswo exist, which not only process the credit card info and validate it, but also provide a secure site which users can enter the info on.