Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder anarchy3200's Avatar
    Join Date
    Mar 2003
    Location
    England
    Posts
    261
    Thanks
    0
    Thanked 1 Time in 1 Post

    Credit card encryption

    Is it possible to securely encrypt credit card details without using SSL

    At current i use an RC4 encryption but would this be considered safe enough for credit card numbers.

    Thanks

    Mike

    (i know it is always possible to crack but i'm talking about legal security)

  • #2
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,108
    Thanks
    11
    Thanked 101 Times in 99 Posts
    Without SSL the CC data is passed plain text between the users computer and your server , so it is vunerable until it gets there no matter what encryption you employ when it gets there.

    The legal implications are not universal if indeed they have even been addressed in many places , however I would feel that it was my responsibility to ensure a secure transport for sensitive data at all times.
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #3
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    you need SSL or similar for 2 reasons:
    1) the transported packages will else be readable (as firepages pointed out). Now, you could fix that by using a clientside encryption.
    2) you need to be absolutely sure you can identify the client that is posting or requesting data. So you need a more secure sessionmanagement then the build in PHP sessionmanagement
    some extra info
    http://www.codingforums.com/showthread.php?t=31049

    what's 'legal security' ?
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #4
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Quote Originally Posted by raf
    what's 'legal security' ?
    as opposed to illegal security?
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #5
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    i suppose ...

    All i realy wanted to know was how many years 'You've been founed guilty of committing legal security' would get me. Or would it get me some sort of reward?

    Lesson learned : never ask a question you don't understand
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •