Loading ...
Sorry, an error occurred while loading the content.

Re: [NH] Credit Card Security

Expand Messages
  • Stefan Elssner
    wilkinsonm wrote: I am customizing an e-commerce site for a client. Right now visitors post their credit card info to a page that is in a secure (SSL)
    Message 1 of 3 , Feb 24, 2003
    • 0 Attachment
      wilkinsonm wrote:
      > I am customizing an e-commerce site for a client. Right now visitors
      > post their credit card info to a page that is in a secure (SSL)
      > folder. It is stored on a MySQL database. However, when my client goes
      > to retrieve the info, they do so via a page that is
      > password-protected, but not in a secure folder.
      >
      > For security sake, should this second page also be in a secure folder?

      By any means, if you can manage, yes!

      in short, SSL (Secoure Socket Layer) is an enhancement to the
      transmission protocol used in the WorldWideWeb protecting the data
      streams between sender and receiver (server and browser) against spying
      from third side.

      This has nothing to do with resctricting access to a page by passwords
      in any way.

      If you deliver the data to your final client without SSL, they can
      theoratically be read in clear text by anyone with enough interest and
      know-how. So use SSL on this way too, as you used on the customer side.

      Regards,
      Stefan

      --
      Stefan Elssner
      mailto:elssner@...

      __________________________________________________________________

      Gesendet von Yahoo! Mail - http://mail.yahoo.de
      Bis zu 100 MB Speicher bei http://premiummail.yahoo.de
    • jaydrake@inthecastle.com
      ... I would also advise encrypting the credit card data at the very least if you aren t already doing so. This way if someone were to gain access
      Message 2 of 3 , Feb 24, 2003
      • 0 Attachment
        <SNIP>

        >> For security sake, should this second page also be in a secure folder?
        >
        > By any means, if you can manage, yes!
        >
        <SNIP>

        I would also advise encrypting the credit card data at the very least if you
        aren't already doing so. This way if someone were to gain access to the
        database they would not get usable credit card numbers unless they also were
        able to break the encryption which would be rather unlikely if done
        correctly.

        Jason Drake
      Your message has been successfully submitted and would be delivered to recipients shortly.