View Feed
group-icon
Coffee Room
Discuss anything here - everything that you wish to discuss with fellow engineers.
12831 Members
Join this group to post and comment.
Gnana Deepthi
Gnana Deepthi • May 31, 2008

doubt on how to store credit card numbers in data base in web enabled applications

i am going to do a miniproject in online telecommunications where i need to store credit card numbers of customers.Is there any open source encryption software available or is there any alternative.please help me in this regard.
simple
simple • May 31, 2008
Re: doubt on how to store credit card numbers in data base in web enabled applicatio

Try OpenSSL....also google for it and you will surely find a lot of answers!!
c ya!!
Prasad Ajinkya
Prasad Ajinkya • Jun 2, 2008
Re: doubt on how to store credit card numbers in data base in web enabled applicatio

Deepthi,

Answer is simple. Dont!!

If you still have to do it (in case you have your own in-house payment gateway), then atleast have the following things in place -

1. a strong SSL certificate (Thawte, Verisign, et al)
2. SSL enabled webserver
3. Stop direct access to the database server
4. Stop direct root login on the database server
5. Stop all extra ports on the database and web servers (keep the ssh port open, and that too only for one particular ip)
6. Keep a strong password policy for both your servers
7. Have all database accesses from the webserver through the internal interface and not on the external ones

And that is just the start. Ideally, seek the advice of an ethical hacker on this.

I would still stick with the first option of not storing the CC no.s 😀
Gnana Deepthi
Gnana Deepthi • Jun 4, 2008
Re: doubt on how to store credit card numbers in data base in web enabled applicatio

thanx for suggestions

Share this content on your social channels -