Re: Storing credit card numbers temporarily (OT)

Could you expand on how you are storing the keys?

Is there only one key for all of the the users?

If you create a new key each time a user submits a CC# then you can store the key in the final submit form in a hidden field. Now you can only decypt the CC# that is in the database when the final form is submitted.

As for the database entry I would have an order AND a cancel button on the web page, so that the user can delete the CC# from the database if they want. You should also expire (delete) the CC# in the database after some (relativly short) amount of time.

-- gam3
A picture is worth a thousand words, but takes 200K.

Comment on Re: Storing credit card numbers temporarily (OT)

Replies are listed 'Best First'.
Re^2: Storing credit card numbers temporarily (OT) by phroggy (Monk) on Aug 14, 2005 at 03:04 UTC
If a user wants to cancel, there's absolutely no reason to think that they'll actually bother to click your cancel button, instead of just clicking some other link. Go ahead and put a cancel button, but it shouldn't actually do anything besides redirect them to another page. `perl -e '($,,@_)=("er",",\n","l Hack"," P","Just anoth"); print reverse @_;'`	[reply] [d/l]
Re^2: Storing credit card numbers temporarily (OT) by bradcathey (Prior) on Aug 14, 2005 at 03:07 UTC
Hmmmmmm, I only have one key for all. Currently it is stored in a chmod'ed 600 folder off my home directory (not root). I was told this was the safest place. I like your idea of a different key for each! But why in a hidden field? Isn't that too obvious? What about a cookie? I did think about the cancel button, but there is still a chance they will bail without clicking it. And how do you delete a record from a database automatically? Cron job? Thanks! —Brad "The important work of moving the world forward does not wait to be done by perfect men." George Eliot	[reply]
Re^3: Storing credit card numbers temporarily (OT) by gam3 (Curate) on Aug 14, 2005 at 13:49 UTC
There is no security difference between a cookie and a hidden field in a form on the client side. They are both likeley to be stored on the hard disk. Having the key in the form just binds it closer to its use so it is less likely to leak out. If you were careful you could get the same effect with cookies -- using path etc. It does not matter if someone has the key on the client machine, because the CC# is on your computer. And if they get into the database they will need the key from each client to get the stored CC#s. Yes you can run a cron job to remove the old entries. -- gam3 A picture is worth a thousand words, but takes 200K.	[reply]