Loading ...
Sorry, an error occurred while loading the content.

Credit Card Security

Expand Messages
  • wilkinsonm <mikew@wtribe.com>
    I am customizing an e-commerce site for a client. Right now visitors post their credit card info to a page that is in a secure (SSL) folder. It is stored on a
    Message 1 of 3 , Feb 24 7:34 AM
    • 0 Attachment
      I am customizing an e-commerce site for a client. Right now visitors
      post their credit card info to a page that is in a secure (SSL)
      folder. It is stored on a MySQL database. However, when my client goes
      to retrieve the info, they do so via a page that is
      password-protected, but not in a secure folder.

      For security sake, should this second page also be in a secure folder?

      Thanks,

      Mike Wilkinson
    • Stefan Elssner
      wilkinsonm wrote: I am customizing an e-commerce site for a client. Right now visitors post their credit card info to a page that is in a secure (SSL)
      Message 2 of 3 , Feb 24 1:15 PM
      • 0 Attachment
        wilkinsonm wrote:
        > I am customizing an e-commerce site for a client. Right now visitors
        > post their credit card info to a page that is in a secure (SSL)
        > folder. It is stored on a MySQL database. However, when my client goes
        > to retrieve the info, they do so via a page that is
        > password-protected, but not in a secure folder.
        >
        > For security sake, should this second page also be in a secure folder?

        By any means, if you can manage, yes!

        in short, SSL (Secoure Socket Layer) is an enhancement to the
        transmission protocol used in the WorldWideWeb protecting the data
        streams between sender and receiver (server and browser) against spying
        from third side.

        This has nothing to do with resctricting access to a page by passwords
        in any way.

        If you deliver the data to your final client without SSL, they can
        theoratically be read in clear text by anyone with enough interest and
        know-how. So use SSL on this way too, as you used on the customer side.

        Regards,
        Stefan

        --
        Stefan Elssner
        mailto:elssner@...

        __________________________________________________________________

        Gesendet von Yahoo! Mail - http://mail.yahoo.de
        Bis zu 100 MB Speicher bei http://premiummail.yahoo.de
      • jaydrake@inthecastle.com
        ... I would also advise encrypting the credit card data at the very least if you aren t already doing so. This way if someone were to gain access
        Message 3 of 3 , Feb 24 1:21 PM
        • 0 Attachment
          <SNIP>

          >> For security sake, should this second page also be in a secure folder?
          >
          > By any means, if you can manage, yes!
          >
          <SNIP>

          I would also advise encrypting the credit card data at the very least if you
          aren't already doing so. This way if someone were to gain access to the
          database they would not get usable credit card numbers unless they also were
          able to break the encryption which would be rather unlikely if done
          correctly.

          Jason Drake
        Your message has been successfully submitted and would be delivered to recipients shortly.