Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re: Storing credit card numbers temporarily (OT)

by fokat (Deacon)
on Aug 14, 2005 at 04:30 UTC ( #483657=note: print w/ replies, xml ) Need Help??


in reply to Storing credit card numbers temporarily (OT)

bradcathey made a very wise question... And deep inside he knows the answer to the question he has asked

Yikes, I'm storing their CC# when told them I wouldn't.

Then by all means, don't. You already have a very nice setup going on... You're using strong crypto to protect the credit card. What you need to store in your database, is a random secret indexed with the key you already have.

Then you use this random secret as the key to encrypt the CC number, as you already described, and return this encripted credit card number back to the browser.

By doing this, you won't be storing the CC number (your customer will), and you will be protecting the CC number within the cookie jar of your customer's browser.

The returned cookie can be set to expire in a reasonable time, just as the secret in the database.

Best regards

-lem, but some call me fokat


Comment on Re: Storing credit card numbers temporarily (OT)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://483657]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (6)
As of 2014-12-20 08:30 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (95 votes), past polls