Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things

Re: Storing credit card numbers temporarily (OT)

by fokat (Deacon)
on Aug 14, 2005 at 04:30 UTC ( #483657=note: print w/replies, xml ) Need Help??

in reply to Storing credit card numbers temporarily (OT)

bradcathey made a very wise question... And deep inside he knows the answer to the question he has asked

Yikes, I'm storing their CC# when told them I wouldn't.

Then by all means, don't. You already have a very nice setup going on... You're using strong crypto to protect the credit card. What you need to store in your database, is a random secret indexed with the key you already have.

Then you use this random secret as the key to encrypt the CC number, as you already described, and return this encripted credit card number back to the browser.

By doing this, you won't be storing the CC number (your customer will), and you will be protecting the CC number within the cookie jar of your customer's browser.

The returned cookie can be set to expire in a reasonable time, just as the secret in the database.

Best regards

-lem, but some call me fokat

  • Comment on Re: Storing credit card numbers temporarily (OT)

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://483657]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (4)
As of 2021-11-27 12:14 GMT
Find Nodes?
    Voting Booth?

    No recent polls found