in reply to Execute Perl code on CGI submit for credit card encryption

First of all, I recently posed a similar question concerning security. There's a little summary on how I structured the whole transaction that you might find useful. Check it out.

As an update, I'm encrypting and storing the key in the DB and encrypting the credit card number with the key and writing it to a cookie. One is no good without the other, as they are being stored in two separate places.


—Brad
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot

Re^2: Execute Perl code on CGI submit for credit card encryption
by Popcorn Dave (Abbot) on Sep 01, 2005 at 03:24 UTC
    Thanks for that! I had thought about wiping the field with the credit card number, but mattr's suggestion of filling the field with random junk is intriguing and probably a safer way to go.

    My app isn't quite as sophisticated as what it appears you did. I'm still going to have to enter the cc numbers into a terminal for processing, but it's a family business (wife and in-laws) so the theft angle isn't quite the same. Of course I'd *love* it if the whole thing grew to where I could justify online processing, but you have to start somewhere.

    Useless trivia: In the 2004 Las Vegas phone book there are approximately 28 pages of ads for massage, but almost 200 for lawyers.
      If the terminal you manually enter the CC-number into is not connected to your web-server or to the internet, you have a super-secure system, as nobody can "jump" from the web-server into your CC-number storage! You will only have to physically secure your terminal from theft (some "old style" ferocious dogs and/or shotguns might be sufficient here).

      CountZero

      "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law