I have a website I'm creating that will require the users to enter a credit card number. The initial billing of the card is done on our secure server, but then it is stored in the MySQL database for future billings.
Given all of the recent outbreaks of hacking of billing servers and databases, I would like to know if anyone knows of a way to ENCRYPT the card number as it is placed into the database, and then DECRYPT it as it is retrieved to bill their card again...
If anyone has any clues, please help me!
I'm programming in PERL, so please submit the code in PERL.
CPAN has Perl modules for encrypting/decrypting in just about any scheme you care to mention.
Note that the built-in Perl function crypt is useless for this task as there is no decrypt!
If your data really is that critical I'd get some good advice on overall security (including physical and internal security) and hire someone to do independent testing and auditing.
June 11th, 2000, 05:45 PM
The golden rule of ecommerce is NEVER store credit card information in any form in a database! You don't need it there, and you certainly don't need the liability.
It's safer and more accepted to have to re-enter your credit card information for each transaction, which is what all the large ecommerce projects such as amazon.com do.
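As an added example (not code from anyone in this thread), here is the reversible encryption the first reply points to on CPAN, in contrast to the one-way crypt function: AES-256-GCM from the CryptX distribution, with the customer id bound in as associated data. The key handling, the customer ids and the test card number are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);
use Crypt::PRNG qw(random_bytes);
use MIME::Base64 qw(encode_base64 decode_base64);

# Assumption: in production the 32-byte key is loaded from a secrets store on
# the billing host, never kept in the MySQL database or under the web root.
# A random key is generated here only so the example runs on its own.
my $key = random_bytes(32);

# Encrypt a card number for one customer row. The customer id is passed as
# associated data, so a ciphertext copied into another row will not decrypt.
sub encrypt_pan {
    my ($key, $customer_id, $pan) = @_;
    my $nonce = random_bytes(12);    # fresh 96-bit nonce for every encryption
    my ($ct, $tag) = gcm_encrypt_authenticate(
        'AES', $key, $nonce, "cust:$customer_id", $pan);
    # nonce (12 bytes) + tag (16 bytes) + ciphertext, as one text column value
    return encode_base64($nonce . $tag . $ct, '');
}

# Returns the card number, or undef if the value was altered, belongs to a
# different customer, or was encrypted under a different key.
sub decrypt_pan {
    my ($key, $customer_id, $stored) = @_;
    my $raw = decode_base64($stored);
    return if length($raw) < 28;     # too short to hold nonce and tag
    my $nonce = substr($raw, 0, 12);
    my $tag   = substr($raw, 12, 16);
    my $ct    = substr($raw, 28);
    return gcm_decrypt_verify(
        'AES', $key, $nonce, "cust:$customer_id", $ct, $tag);
}

# Constructed sample data: customer ids 42 and 43, a well-known test number.
my $stored = encrypt_pan($key, 42, '4111111111111111');
print "column value: $stored\n";
print "decrypted:    ", decrypt_pan($key, 42, $stored), "\n";
print "wrong row:    ",
    (defined decrypt_pan($key, 43, $stored) ? 'accepted' : 'rejected'), "\n";
```

Encryption of this kind only protects the column if the key lives somewhere the database and web server compromise does not reach; a key stored next to the data gives an attacker both.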