Hi,

I'm doing a shopping cart site for a client and am now trying to find out the best (read, "as secure as possible") way to handle credit card information. Some related info:

- The credit card numbers need to remain persistent in 2 other places than where they were entered, 1.) A "confirmation" screen, and 2.) After confirming, an email will be sent with all the customer's data.
- The box on which this CGI program runs has multiple users, and is Redhat Linux 6.2
- I do not control this box
- The idea of somebody getting root on the box, and then putting a trojan in place of my app to send off all the cc numbers their way scares me :) Ideally, I'm trying to think of a way to do this so that the cc numbers never touch the disk
- The cc numbers need to be both encrypted and decrypted (well, I'm assuming this will be a necessary security step), and this will be done with the same program.

So can anyone recommend a good technique to securely handle credit card numbers that need to somehow be persistent? Again, after entered on one form, they then need to be displayed once on a "Confirmation" screen, and then when the user "confirms" they need to be emailed to my client, all of which has to be done securely of course :)

Any help is appreciated.

--
Brad Bollenbach, Python Hacker