Re: How to design a "customer" TABLE which hold credit card infos and other payments?

On Thu, Nov 6, 2008 at 2:43 PM, Michelle Konzack
<linux4michelle(at)tamay-dogan(dot)net> wrote:
> ************************************************************************
> * Do not Cc: me, because I READ THIS LIST, if I write here *
> * Keine Cc: am mich, ich LESE DIESE LISTE wenn ich hier schreibe *
> ************************************************************************

Sorry, it's how this list works. If you don't want that, there are
some options for majordomo you can set to alleviate the issue. I'm
not changing how I reply to the list just for you.

> Hello,
>
> I am coding a new OnlineStore (the existing ones fit not my needs, are
> to complicate to use or simply closed source and too expensive e.g.
> InterShop) with an integrated powerful ledger.
>
> So now it comes to infos about Credit Cards, PayPal and friends...

If you are storing credit card data then you must follow the PCI
standards for doing so. Look them up on the web and get a copy.
Failure to follow their security guidelines will result in you not
being allowed to process or handle credit cards.

That said, the best way to store them is to not store them. If you
still have to, then use some kind of encryption using the user's
password as part of the key, and don't store the user's password, only
an md5 of it. Also, store the password on one machine, encrypted, do
the encryption decryption on another machine.