Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m going to be implementing a PHP/mySQL setup to store credit card information.
It seems like AES_ENCRYPT/AES_DECRYPT is the way to go,
but I’m still confused on one point:
How do I keep the encryption key secure?
Hardwiring it into my PHP scripts (which will live on the same server as the db) seems like a major security hole.
What’s the "best practice" solution here?
You should think long and hard about whether you REALLY need to keep the CC#. If you don’t have a great reason, DON’T! Every other week you hear about some company being compromised and CC#’s being stolen. All these companies made a fatal flaw – they kept too much information. Keep the CC# until the transaction clears. After that, delete it.
As far as securing the server, the best course of action is to secure the hardware and use the internal system socket to MySQL, and make sure to block any network access to the MySQL server. Make sure you’re using both your system permissions and the MySQL permissions to allow as little access as needed. For some scripts, you might consider write-only authentication. There’s really no encryption method that will be foolproof (as you will always need to decrypt, and thus must store the key). This is not to say you shouldn’t – you can store your key in one location and if you detect system compromise you can destroy the file and render the data useless.