Hey guys... looking for a solution here...
I need to store credit card information in a MySQL DB... I have no problem encrypting the CC number, using secure connections, and restricting access to MySQL... the problem I have is this... I have to use the MySQL connect to gain access... this is in the PHP file... and if I encrypt the CC number, the key need to be put somewhere... like another file to be included or in a table... so the problem I see here is this:
If I hacked into the site and saw the PHP code... I could then easily hack out all the CC numbers... I could gain access to MySQL from the connect statement... I could write a little script (that I have) that would open the include file to get the CC number password... what I am looking for is...
How do I make this secure? I want to create a way that even if they did get in... they can't get the CC numbers... any ideas?
Thanks to all for any answers!
Always,
Charles W. Lowe
This Portal Inc.
I need to store credit card information in a MySQL DB... I have no problem encrypting the CC number, using secure connections, and restricting access to MySQL... the problem I have is this... I have to use the MySQL connect to gain access... this is in the PHP file... and if I encrypt the CC number, the key need to be put somewhere... like another file to be included or in a table... so the problem I see here is this:
If I hacked into the site and saw the PHP code... I could then easily hack out all the CC numbers... I could gain access to MySQL from the connect statement... I could write a little script (that I have) that would open the include file to get the CC number password... what I am looking for is...
How do I make this secure? I want to create a way that even if they did get in... they can't get the CC numbers... any ideas?
Thanks to all for any answers!
Always,
Charles W. Lowe
This Portal Inc.