Is MySQL secure enough to store credit card numbers on?
Yes, that is true. It would only be a risk if they had their password saved for the admin login page.
If this did happen, however, I would think that my client would be at fault, not me. I would hope that I have done enough, and that my client's laziness has caused the hacker to gain access.
Why do they need the admin page password? They need access to the emails once the site is compromised.
I'm sure there would be plenty of blame for everyone involved in the data loss.
"Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha
The email contains most of the order details, excluding the middle 8 digits of the credit card number.
My client then clicks on a link in this email that links to the admin area, which then provides them with the middle 8 digits (that are stored in a MySQL db).
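The split described in the post above, written out as an added example (this is not the poster's code and not the DigiShop cart's implementation). It assumes a 16-digit card number split as first 4 / middle 8 / last 4, since the post only says "the middle 8 digits", and uses an in-memory SQLite table as a stand-in for the MySQL table so it runs offline. The `reconstruct` function is the point raised earlier in the thread: whoever holds both the order email and read access to that table has the whole number, so the admin page is not the only thing worth protecting.

```python
import re
import sqlite3
from typing import Optional, Tuple

# Assumed layout: 16-digit PAN -> first 4 / middle 8 / last 4.
MASK_SEP = " **** **** "


def split_pan(pan: str) -> Tuple[str, str, str]:
    """Strip spaces/dashes and split into (head4, middle8, tail4)."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) != 16:
        raise ValueError("expected a 16-digit card number")
    return digits[:4], digits[4:12], digits[12:]


def mask_for_email(pan: str) -> str:
    """What goes into the order email: everything except the middle 8."""
    head, _, tail = split_pan(pan)
    return f"{head}{MASK_SEP}{tail}"


def open_store() -> sqlite3.Connection:
    """In-memory stand-in for the MySQL table holding the middle 8 digits."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE card_middle (order_id TEXT PRIMARY KEY, middle8 TEXT NOT NULL)"
    )
    return conn


def store_middle(conn: sqlite3.Connection, order_id: str, pan: str) -> None:
    """Persist only the middle 8 digits, keyed by order id (parameterised query)."""
    _, middle, _ = split_pan(pan)
    conn.execute(
        "INSERT INTO card_middle (order_id, middle8) VALUES (?, ?)", (order_id, middle)
    )
    conn.commit()


def fetch_middle(conn: sqlite3.Connection, order_id: str) -> Optional[str]:
    """What the admin page hands back when the client follows the email link."""
    row = conn.execute(
        "SELECT middle8 FROM card_middle WHERE order_id = ?", (order_id,)
    ).fetchone()
    return row[0] if row else None


def reconstruct(masked: str, middle8: str) -> str:
    """Email contents + DB row = full card number. This is the exposure."""
    head, tail = masked.split(MASK_SEP)
    return head + middle8 + tail


def demo() -> Tuple[str, Optional[str], str]:
    # Constructed sample order; the PAN is a well-known test number, not a real card.
    order_id = "ORD-1001"
    pan = "4111 1111 1111 1111"
    conn = open_store()
    store_middle(conn, order_id, pan)
    email_view = mask_for_email(pan)
    middle = fetch_middle(conn, order_id)
    full = reconstruct(email_view, middle) if middle else ""
    return email_view, middle, full


if __name__ == "__main__":
    email_view, middle, full = demo()
    print("in email :", email_view)
    print("in DB    :", middle)
    print("combined :", full)
```

Note that the DB holds the middle digits in the clear here, exactly as the post describes; nothing in the split itself protects the stored part once someone can read the table, which is why the compliance requirements mentioned later in the thread matter more than the choice of database engine.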
I'm sorry, but something seems a little backwards here. I do a good bit of online purchasing and I have yet to refuse to do business with a company because I have to enter my credit card number again this week after I entered it last week. In fact, if their order form auto populated my card number, then I would have problems.
It's easy to say that the client is always right. But the fact is often clients are ignorant. (Not stupid, just ignorant.) That's where the techies and SMEs they hire (or outsource to) come in -- those with the technical knowledge need to be accountable, which is not always being compliant. They need to provide education and keep the ignorant from doing something stupid.
After informing the client of the risks, if they choose to go ahead, it's not based on ignorance, but what I consider to be a true client preference (however misguided). My job as a developer is to present options, discuss ramifications, and implement the client's choice.
Crunch,
Given that you are going to implement this, how are you planning on doing so? What do you think of the method I described several posts ago?
I'm going to implement this using a built-in feature of a shopping cart that I'm already using (DigiShop). Their programmers claim their cart script is CISP compliant, and I'll be using a CISP compliant dedicated server (I wish Dathorn's had been available by now).
I wouldn't want to create something like this from scratch!