Is MySQL secure enough to store credit card numbers on?

  • Buddha
    Senior Member
    • Mar 2004
    • 825

    #16
    Originally posted by james
    Yes, that is true. It would only be a risk if they had their password saved for the admin login page.

    If this did happen, however, I would think that my client would be at fault, not me. I would hope that I have done enough, and that my client's laziness has caused the hacker to gain access.
    Why do they need the admin page password? They need access to the emails once the site is compromised.

    I'm sure there would be plenty of blame for everyone involved in the data loss.
    "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha


    • james
      Senior Member
      • Mar 2004
      • 183

      #17
      The email contains most of the order details, excluding the middle 8 digits of the credit card number.

      My client then clicks on a link in this email that links to the admin area that then provides them with the middle 8 digits (that are stored in a MySQL db).


      • justme
        Junior Member
        • Mar 2004
        • 29

        #18
        I'm sorry, but something seems a little backwards here. I do a good bit of online purchasing and I have yet to refuse to do business with a company because I have to enter my credit card number again this week after I entered it last week. In fact, if their order form auto populated my card number, then I would have problems.

        It's easy to say that the client is always right. But the fact is often clients are ignorant. (Not stupid, just ignorant.) That's where the techies and SMEs they hire (or outsource to) come in -- those with the technical knowledge need to be accountable, which is not always being compliant. They need to provide education and keep the ignorant from doing something stupid.

        Just my $0.02.

        Dean


        • crunch42
          Member
          • Feb 2005
          • 43

          #19
          After informing the client of the risks, if they choose to go ahead, it's not based on ignorance, but what I consider to be a true client preference (however misguided). My job as a developer is to present options, discuss ramifications, and implement the client's choice.


          • james
            Senior Member
            • Mar 2004
            • 183

            #20
            Originally posted by crunch42
            After informing the client of the risks, if they choose to go ahead, it's not based on ignorance, but what I consider to be a true client preference (however misguided). My job as a developer is to present options, discuss ramifications, and implement the client's choice.
            Crunch,

            Given that you are going to implement this, how are you planning on doing so? What do you think of the method I described several posts ago?

            Thanks.

            James


            • crunch42
              Member
              • Feb 2005
              • 43

              #21
              I'm going to implement this using a built-in feature of a shopping cart that I'm already using (DigiShop). Their programmers claim their cart script is CISP compliant, and I'll be using a CISP compliant dedicated server (I wish Dathorn's had been available by now).

              I wouldn't want to create something like this from scratch!
