[UPHPU] Is https enough?
breece at doba.com
Thu Jun 14 07:49:21 MDT 2007
1) If you're using mysql, see the aes_encrypt and aes_decrypt functions
-- they'll do the industry standard encryption for you. PHP has similar
functions available as well. I imagine 1and1 has at least one of those
2) Unless you're a cryptographer, I don't think they'd be convinced it's
up to industry standards, esp. since proven technologies are already
3) I was under the impression that you were doing the transaction
real-time. If you're just storing the data to transact at a later time,
you'd have to do your transactions without the vcode, I reckon. The
vcode generally isn't required, but you'll usually get lower transaction
costs if you use it.
4) The great thing about having the standards is that if you do get
credit card data stolen from you, you can probably recover from it since
you have been following industry best practices. If you're hacked and
haven't been following the best practices, you're in for it.
Webot Graphics wrote:
> 1) If I plan to use 1and1.com for hosting, do they offer an encrypted db?
> 2) can you make up some custom code
> example ---
> real card
> 1234 5678 9012 3456
> could be stored as
> 5678 1234 3456 9012
> 3) The pdf says you can't store the vcode anywhere, but how do you
> keep it long enough for accounting to process it?
> 4) We had 1.22 million dollars in sales last year, so we fit the
> "millions of dollars per year" category, and though we still act like
> a small business (see website), we are reaching a point at which
> security could become a real threat.
> Justin Giboney
> On Jun 13, 2007, at 4:55 PM, Ben Reece wrote:
> UPHPU mailing list
> UPHPU at uphpu.org
> IRC: #uphpu on irc.freenode.net
More information about the UPHPU