
Credit card security

I have a client who rents indoor soccer fields and wants to put their rental contracts online. Currently they simply have a .pdf of their contract on-line and customers print out and fax in the contract. The client then calls the customer and takes credit card info over the phone to pay for the field rental.

My client would like customers to fill out the contract online and include credit card info. The credit card charge would be processed manually (as it is now) after the submitted contract was approved.

My plan was to create an SSL .html form that feeds a PHP handler. The PHP handler would write the form data into an .html document that looks like the rental contract. The document would be stored in a password protected directory. The PHP handler would send an email to the client with an SSL link to the document. The client can then view the document and print it out locally.

2 questions –

1) Is this a sensible approach?

2) Submitted field rental contracts with credit card info will collect in this password protected directory … which is accessible to the client AND the server provider (since they have root access). Should I be concerned that the server provider could access these .html contracts? I have no reason to distrust the server provider — maybe I’m being paranoid.

Thanks for the insight.

Saratoga Sam


5 Comments

@dhaarbrink, May 30.2008 — i don't really understand why you would let php generate (and store) a html document.

my approach would be something like this:

  • use a ssl connection for the input form
  • let php handle the form
  • store information to database
  • generate contract for the user to store/print/view/bookmark/whatever
  • notify client in some way

i wouldn't worry about your isp. if you do worry about them, what are you doing there in the first place?

@the-ferret, May 30.2008 — "i wouldn't worry about your isp. if you do worry about them, what are you doing there in the first place?"

I might be worried about who else is on the server though if it is a shared hosting package!

@dhaarbrink, May 30.2008 — that's true, i hadn't thought of that.

another pro to consider a database for storage. securing a database is (generally speaking) easier than a filesystem?

@Saratoga_Sam (author), May 30.2008 — "i don't really understand why you would let php generate (and store) a html document."

Because I think it eliminates extra PHP and MYSQL coding. Since this is a contract, submitted data will not be changed at a later date.

Without the database I would not need to write data into a db and extract it later when the client wants to view the contract.

However, that being the case, the mysql database provides 2 useful functions I could use to encrypt the credit card data in the mysql database:

ENCODE(string,password_string), DECODE(string,password_string)

However, the password string is visible in the PHP code to the ISP so they could "theoretically" decode the credit card number - although it would take a little more effort.

hmm. My client is on a shared hosting server. Maybe the only way to truly secure credit card info is to run his website on a dedicated server...?

Saratoga Sam
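
Added example, not part of the original thread: the concern raised above is that a password stored in the PHP code can be read by anyone who can read the server, so one alternative is public-key encryption, where the web server holds only a public key and the private half stays on the client's own PC. It assumes PHP 7.2+ with the sodium extension; the helper names seal_card_field() and open_card_field() and the sample card number are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: sealed-box (public-key) encryption, sodium extension, PHP 7.2+.

// Web server side: the form handler is configured with the PUBLIC key only.
// seal_card_field() is a hypothetical helper name.
function seal_card_field(string $cardNumber, string $publicKey): string
{
    // A fresh ephemeral key is used per call, so sealing the same number
    // twice gives different ciphertexts.
    $sealed = sodium_crypto_box_seal($cardNumber, $publicKey);
    return sodium_bin2base64($sealed, SODIUM_BASE64_VARIANT_ORIGINAL);
}

// Client's own PC: the full keypair never leaves this machine.
// Returns null for a wrong key or a modified ciphertext.
function open_card_field(string $stored, string $keypair): ?string
{
    try {
        $raw   = sodium_base642bin($stored, SODIUM_BASE64_VARIANT_ORIGINAL);
        $plain = sodium_crypto_box_seal_open($raw, $keypair);
    } catch (SodiumException $e) {
        return null; // malformed base64 or wrong-length key
    }
    return $plain === false ? null : $plain;
}

// Demo with constructed values.
$keypair   = sodium_crypto_box_keypair();            // generated offline, once
$publicKey = sodium_crypto_box_publickey($keypair);  // the only part uploaded

$testCard = '4111111111111111';                      // constructed test number
$stored   = seal_card_field($testCard, $publicKey);  // what the host can read

// Opening with the matching keypair recovers the number.
var_dump(open_card_field($stored, $keypair) === $testCard);
// Opening with any other keypair fails, so the stored value alone is not enough.
var_dump(open_card_field($stored, sodium_crypto_box_keypair()));
```

The card number is still in plaintext inside the PHP process while the form is being handled, so this protects what is stored on the shared host, not the moment of submission.
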

@bluestartech, May 30.2008 — using MD5 hash/fingerprint in the post query can provide an additional level of security