I am setting up a ShoppingCart application, and I need to encrypt the credit card numbers (I have a thing about sticking plain-text CCs in a database).
Unfortunately, I do not have the MCrypt functions installed, nor can I get them (I do not have control over the server). Any ideas?
Encrypting CreditCard Numbers
I suspect the answer is no, but do you have the openssl functions installed? While harder to use than mcrypt, the library does support a full suite of crypto-tools.
Does your database support encryption at the database level? How secure is your database?
What is your threat model? Are you worried about exposing CC# to local or remote users, etc?
If you're using MySQL and the version does support it, you may use some of the functions listed at http://www.mysql.com/doc/en/Miscellaneo ... tions.html
There are several encode/decode and encrypt/decrypt functions.
None of the MySQL crypto options provide any type of security if you are using a shared web hosting service; even if running suExec with private files, I would never ever consider anything that can be decrypted at the server as safe....
Unless you have a dedicated (or preferably two) and fairly hardened server(s), your only secure option is a public/private key type encryption, such as GnuPG, PGP or S/MIME (or whatever x509 stuff the S/MIME stuff uses, I am not sure on the right terms there, OpenSSL supports S/MIME).
Sorry about that, I didn't think of the new stuff in MySQL version 4, but as most web hosts still use version 3.23, and 4 is still not production-stable.. But yeah, that is right, MySQL 4 offers full DES, SHA, AES and others support..
And you are right that there would be no difference in how to store the keys, myself I would never store that in any format on a shared-hosting server, nor any server with user login accounts and such..
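The public/private-key approach suggested in the replies above, sketched with PHP's openssl functions as an added example that is not part of the original thread. It assumes the openssl extension is available, uses a 2048-bit RSA key with OAEP padding, and the function names, passphrase and card number are constructed for illustration; the point is that only the public key ever sits on the shared host, so nothing stored there can be decrypted there.

```php
<?php
// Added example; key pair, passphrase and card number are constructed test values.

// == Done once, OFF the web server (e.g. on the merchant's own machine) ==
$pair = openssl_pkey_new(['private_key_bits' => 2048,
                          'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($pair === false) {
    exit('key generation failed: ' . openssl_error_string() . "\n");
}
openssl_pkey_export($pair, $privatePem, 'constructed-passphrase'); // stays offline
$publicPem = openssl_pkey_get_details($pair)['key'];                // uploaded to the host

// == On the web server: only the public key is present ==
function encrypt_card(string $pan, string $publicPem): string
{
    $digits = preg_replace('/[ -]/', '', $pan);
    if (!preg_match('/^\d{12,19}$/', $digits)) {
        throw new InvalidArgumentException('not a card number');
    }
    $key = openssl_pkey_get_public($publicPem);
    if ($key === false ||
        !openssl_public_encrypt($digits, $cipher, $key, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return base64_encode($cipher); // text-safe value for the database column
}

// == Back off the server: decrypt with the passphrase-protected private key ==
function decrypt_card(string $stored, string $privatePem, string $passphrase): string
{
    $key = openssl_pkey_get_private($privatePem, $passphrase);
    $raw = base64_decode($stored, true);
    if ($key === false || $raw === false ||
        !openssl_private_decrypt($raw, $plain, $key, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

$a = encrypt_card('4111 1111 1111 1111', $publicPem); // standard test number
$b = encrypt_card('4111 1111 1111 1111', $publicPem);

// OAEP is randomized, so equal card numbers do not produce equal ciphertexts.
var_dump($a !== $b);
var_dump(decrypt_card($a, $privatePem, 'constructed-passphrase') === '4111111111111111');
```

Because the ciphertext is randomized, the stored column cannot be used to look up a card by number; a separate non-reversible reference (such as the last four digits) is needed for display or matching.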