beginning_php thread: question about PHP parsing....
Message #1 by "Dan Ostrowski" <dan@t...> on Sun, 21 Apr 2002 21:11:52
I am working on a secure form for simply taking and recording to file
credit card numbers.
The friend I am working for is maintaining a webpage for a non-profit run
of some sort and he wants to be able to take credit card numbers... dump
them into a file.. then pull the numbers up securely.. run them at the
office... and then delete them.
I am thinking I will take the order info securely.. then, using PHP, write
ANOTHER PHP file with array data! It WILL be parsed by a web browser,
right? So as long as the file simply contains variables that will remain
server side, it won't matter. This is how I have heard most include files
are kept, so it should be safe, right?
Even if someone tried to open my file via browser, they couldn't do it,
and PHP does not allow inclusion or opening of remote files...
Message #2 by Peter Simard <pasimard@v...> on Sun, 21 Apr 2002 16:29:15 -0400
Sunday, April 21, 2002, 5:11:52 PM, you wrote:
That sounds dangerous to me. IMHO you should never be storing the
credit card numbers for later retrieval. The whole process should be
transaction specific: CC#-->approval/decline-->process order-->confirm.
No CC# data ever being stored.
Message #3 by "Dan Ostrowski" <dan@t...> on Sun, 21 Apr 2002 21:58:18
I don't particularly like it either, but it's what they wanted to do. As
long as it's a secure process, my part is done.
I think I have done it. In the folder that holds the information, I put
in a "require SSL" .htaccess file so that you can only get the data over
secure socket layer. It also (I tested it with my personal webspace) will
NOT work in remote includes or file opening.
The only way that the information can be successfully accessed is via an
include ON THE SERVER. Unless you can ftp to the server, you can't create
a file that opens it. All the info is safe in transit if you use the
That's all he wanted done, and I think I have it...
But if you think of any loopholes...
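
The "PHP file with array data" idea from Message #1, as an added example that is not part of the thread or any poster's code: each record is written with var_export(), so a form value containing quotes stays a string and does not turn into code when the file is later included. The function names, field names and file path are hypothetical, and the sample values are constructed.

```php
<?php
// Added illustration; function names, field names and the path are hypothetical.

// Load the records by including the data file, which returns an array.
function load_orders(string $path): array
{
    if (!is_file($path)) {
        return [];
    }
    $orders = include $path;
    return is_array($orders) ? $orders : [];
}

// Rewrite the data file as PHP source. var_export() quotes and escapes every
// value, so a field such as "x'; echo 'injected'; //" stays an inert string
// instead of becoming code the next time the file is included.
function save_orders(string $path, array $orders): void
{
    $source = "<?php\nreturn " . var_export($orders, true) . ";\n";
    // Write to a temporary file, then rename, so a reader never includes a half-written file.
    $tmp = $path . '.tmp';
    if (file_put_contents($tmp, $source, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $tmp");
    }
    chmod($tmp, 0600);
    rename($tmp, $path);
}

function add_order(string $path, array $fields): void
{
    // Keep only the expected keys and force each value to a string.
    $record = [];
    foreach (['name', 'card', 'expiry'] as $key) {
        $record[$key] = (string) ($fields[$key] ?? '');
    }
    $orders = load_orders($path);
    $orders[] = $record;
    save_orders($path, $orders);
}

// Constructed sample input: a test card number and a "name" that contains PHP syntax.
$path = sys_get_temp_dir() . '/orders_example.php';
@unlink($path);
add_order($path, ['name' => "x'; echo 'injected'; //", 'card' => '4111111111111111', 'expiry' => '04/03']);
add_order($path, ['name' => 'Constructed Donor', 'card' => '4111111111111111', 'expiry' => '12/03']);

$orders = load_orders($path);
var_dump(count($orders) === 2, $orders[0]['name'] === "x'; echo 'injected'; //");
unlink($path);
```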