Re: [NH] Credit Card Security
- wilkinsonm wrote:
> I am customizing an e-commerce site for a client. Right now visitors
> post their credit card info to a page that is in a secure (SSL)
> folder. It is stored on a MySQL database. However, when my client goes
> to retrieve the info, they do so via a page that is
> password-protected, but not in a secure folder.
> For security sake, should this second page also be in a secure folder?
By any means, if you can manage, yes!
In short, SSL (Secure Sockets Layer) is an enhancement to the
transmission protocol used in the World Wide Web, protecting the data
streams between sender and receiver (server and browser) against spying
by third parties.
This has nothing to do with restricting access to a page by passwords
in any way.
If you deliver the data to your final client without SSL, they can
theoretically be read in clear text by anyone with enough interest and
know-how. So use SSL here too, as you did on the customer side.
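An added illustration of the reply above, not part of the original thread: a WSGI wrapper that answers the password-protected retrieval page only over HTTPS, so the password check alone is never what stands between the card data and the wire. Python is chosen for illustration (the thread does not name the site's server language); `PROTECTED_PREFIX`, `orders_page`, `probe` and the host `shop.example` are hypothetical names, and the card number is a constructed test value.

```python
# Added example (not from the thread): serve a protected path only over TLS.
from urllib.parse import quote

PROTECTED_PREFIX = "/admin/orders"   # hypothetical path of the card retrieval page
HSTS = ("Strict-Transport-Security", "max-age=31536000")


def require_https(app, prefix=PROTECTED_PREFIX):
    """Wrap a WSGI app so that requests under `prefix` are answered only over HTTPS."""
    def middleware(environ, start_response):
        path = environ.get("PATH_INFO", "")
        if not path.startswith(prefix):
            return app(environ, start_response)
        if environ.get("wsgi.url_scheme") != "https":
            # Answer before the wrapped app (and its password check) runs, so the
            # plain-HTTP response never contains card data.
            host = (environ.get("HTTP_HOST") or environ["SERVER_NAME"]).split(":")[0]
            query = environ.get("QUERY_STRING", "")
            target = "https://" + host + quote(path) + ("?" + query if query else "")
            start_response("301 Moved Permanently",
                           [("Location", target), ("Content-Length", "0")])
            return [b""]

        def with_hsts(status, headers, exc_info=None):
            # Tell the browser to use HTTPS for this host from now on.
            return start_response(status, list(headers) + [HSTS], exc_info)
        return app(environ, with_hsts)
    return middleware


def orders_page(environ, start_response):
    """Stand-in for the password-protected page; the card number is a constructed test value."""
    body = b"order 1001: 4111111111111111"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


def probe(app, scheme, path, host="shop.example"):
    """Call a WSGI app with a constructed request; return (status, headers, body)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": "",
               "HTTP_HOST": host, "SERVER_NAME": host, "wsgi.url_scheme": scheme}
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

Calling `probe(require_https(orders_page), "http", "/admin/orders")` returns a redirect with an empty body, while the same request with scheme `"https"` returns the page plus the HSTS header.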
>> For security sake, should this second page also be in a secure folder?<SNIP>
> By any means, if you can manage, yes!
I would also advise encrypting the credit card data at the very least if you
aren't already doing so. This way if someone were to gain access to the
database they would not get usable credit card numbers unless they also were
able to break the encryption which would be rather unlikely if done