
Very confused about SSL, PHP
mrambassador 08-24-2002, 04:30 PM
I'm sorry to post here, this may not be the appropriate place, but this is the ONLY forum I have ever posted to where people seem to be knowledgeable about these kinds of things and actually respond to my question. Thanks in advance for any help you can give!
Okay...I have a website, and it's complete except for one thing- I have a form which will transmit credit card numbers and personal information, and I need to know how to use it securely. I'm using Ventures Online for my webhosting and I used FrontPage to create my website, I have no idea how to use HTML. The page with the order form is published to VO's secure server- now I just need to know how to use it!
See, I have to be able to send the results of the form somewhere where I can read it securely...and as I understand so far, there are a few options here:
1) E-mail, but for e-mail I need some kind of encryption program. I have no idea how that would work or how complicated it would be to install...or really anything about how it would work.
2) I thought I could send the results to a database, but I don't know how to use a database and someone told me that that wasn't a very safe or secure option. I was also told that I should look into getting a "third party" something-or-other, and that I need some kind of expert advice, but I don't have any money to do that.
3) ????? There must be another option here....how do big companies do this? Is there a simple option here? How does Barnes and Noble or Amazon.com transfer all their credit cards safely from a form to their hands?
The proceeds of my website are going to go towards buying back the Rainforests of the world- it means a great deal to me, which is why I have managed to get this far with absolutely no internet literacy whatsoever. I don't understand any of this stuff...can anyone here lay this out for me, and tell me straight what I have to do without using bizarre internet terms I've never heard before? Thanks in advance!
SynHost 08-24-2002, 05:28 PM
You'll need an SSL certificate for your website and that installed on your webserver (ask your host to do this) so you can have a secure server with an HTTPS url and a lock icon.
As far as a programming standpoint, the user would be viewing and submitting the form over a secure connection. Now, the script handling this form would save this data somewhere on the server, a flat file or a MySQL database most likely. To see this form data, create another script that you access via the secure URL to view the data. This way should ensure that data is always being transmitted over a secure connection. Of course, make sure nobody can see the script that views the form data. Put a strong HTTP password on that directory or something. Also, wherever you store data must not be viewable to anyone else. Probably your best bet is a MySQL database.
Hope it helps a little,
Ben Hughes
SynHost
These are the things you need to learn to be able to secure this transaction:
1. PGP or GPG (GnuPG) to encrypt the received data from client/user form submission. As soon as the data is received, encrypt it, and email it somewhere, where only you can decrypt it using password/key combination.
2. SSL to encrypt the data while it is travelling from user to web server. (This is trivial, you just need an SSL certificate and https connection)
Do not save CC numbers in clear text on the server, not even in database. That is a big mistake, or rather blunder. :o
What I would suggest is that
a) either try to forward the users to third-party credit card processor (who does the transaction and sends you money later), this way you do not need to worry about CC numbers. (Example: PayPal.com, very easy to set up). Plus no need for PGP etc.
b) or encrypt the data if you want to store it locally. And that data should only be viewable on a secure connection through passwords. This is complex and definitely needs someone with some experience to help you out.
BTW, why do you want to store it locally?
mrambassador 08-25-2002, 03:35 PM
I can't give it to a third party credit card processor place- I need to be able to process the credit card numbers myself. Basically I own a small company working for a larger company who provides products, shipping, and such and they have to worry about inventory, so I need to pass orders on to their sales department...just trust me on this one, it's a bit complex but it works.
But I'm getting two opposite opinions here, which seems to be very frequent for this question- one person is saying use a MySQL database, which I can easily create using my control panel (which I can access securely as well) and another which is saying that that isn't safe. So can anyone tell me, would it really be safe for me to have viewers send information from the form on my secure server to a MySQL database in my control panel with a big long password like "blue72amolaramg3" and then get the CC numbers off of it every day, then delete them from the database? Or would that be unsafe?
IMHO MySQL database is open. Anyone having access on your server (shell, or even FTP) can view all the databases.
I have seen it myself :(
So, do not store them in clear text. Either encrypt them or use some other method. For example email a part of the CC number, and store the rest. Something like that which can not be compromised if someone gets access to your data.
The passwords you are talking about are nothing :o
driverdave 08-26-2002, 04:19 AM
We are in the same boat, we need to store CC numbers for a project. Here's what we're doing.
WEB SERVER: SSL HTTP POST data to a staging server
STAGING SERVER: 2 NIC cards. One with a public IP, one with a local IP connected to the transaction server. HTTP POST data to the transaction server. Running HTTP. That's it.
TRANSACTION SERVER: local IP. The only services it runs are HTTP, MySQL and the credit card auth binaries. That's it.
Everything is firewalled with IP chains.
Does my plan sound secure?
sigma 08-26-2002, 06:56 AM
Originally posted by masood
IMHO MySQL database is open. Anyone having access on your server (shell, or even FTP) can view all the databases.
I have seen it myself :(
You (or your host) might want to read some of the MySQL documentation, then, and actually put some passwords on the data. And, of course, restrict the directories where the data actually lives (/usr/local/var is typical).
And of course, sensitive information such as credit cards should be public-key encrypted no matter where they are stored.
Kevin
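What public-key encrypting the card data at receipt can look like in a PHP form handler, as an added example that is not code from any poster in this thread. It uses PHP's OpenSSL extension (RSA-OAEP wrapping a per-order AES-256-GCM key) instead of the PGP/GPG tooling mentioned earlier. The function names, field names and the throwaway key pair are assumptions; on a real site only the public key is on the web server.

```php
<?php
// Added example: hybrid public-key encryption of an order at receipt.
// seal_order(), open_order() and the field names are hypothetical.
function seal_order(array $order, string $publicKeyPem): string
{
    $sessionKey = random_bytes(32);   // fresh AES-256 key for every order
    $iv = random_bytes(12);           // 96-bit nonce for GCM
    $tag = '';
    $cipherText = openssl_encrypt(json_encode($order), 'aes-256-gcm',
        $sessionKey, OPENSSL_RAW_DATA, $iv, $tag);
    if ($cipherText === false) {
        throw new RuntimeException('AES-GCM encryption failed');
    }
    // Only the holder of the private key can unwrap the session key.
    if (!openssl_public_encrypt($sessionKey, $wrappedKey, $publicKeyPem,
            OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA-OAEP key wrap failed');
    }
    // This string is what gets stored or e-mailed; it holds no plaintext.
    return json_encode(array_map('base64_encode',
        ['k' => $wrappedKey, 'iv' => $iv, 'tag' => $tag, 'ct' => $cipherText]));
}

// Runs on the machine where orders are read, never on the web server.
function open_order(string $sealed, string $privateKeyPem): array
{
    $p = array_map('base64_decode', json_decode($sealed, true));
    if (!openssl_private_decrypt($p['k'], $sessionKey, $privateKeyPem,
            OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('cannot unwrap session key');
    }
    $plain = openssl_decrypt($p['ct'], 'aes-256-gcm', $sessionKey,
        OPENSSL_RAW_DATA, $p['iv'], $p['tag']);
    if ($plain === false) {
        throw new RuntimeException('wrong key or modified ciphertext');
    }
    return json_decode($plain, true);
}

// Constructed demo: throwaway key pair and a well-known test card number.
$pair = openssl_pkey_new(['private_key_bits' => 2048,
                          'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];
$sealed = seal_order(['name' => 'Test Buyer', 'card' => '4111111111111111',
                      'exp' => '12/30'], $publicPem);
var_dump(strpos($sealed, '4111111111111111') === false);  // card absent from blob
var_dump(open_order($sealed, $privatePem)['card'] === '4111111111111111');
```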
Originally posted by sigma
You (or your host) might want to read some of the MySQL documentation, then, and actually put some passwords on the data. And, of course, restrict the directories where the data actually lives (/usr/local/var is typical).
And of course, sensitive information such as credit cards should be public-key encrypted no matter where they are stored.
Kevin
Kevin,
I completely agree with you. :) Sorry my above statement was an exaggeration :o
The problem lies with both the host and the user. In that case it was with the user.
Usually MySQL passwords are stored in simple php or perl scripts, which are readable unless someone uses cgiwrap/php-cgiwrap/suEXEC to restrict that. And surprisingly not everyone uses that, the incident I'm quoting was at a popular host :D No fault of the host ;)
I did a security audit and my client never bothered to use php-cgiwrap to protect their scripts. :( And on top of that they were storing CC numbers in MySQL with expiry, address - all in plain text. :rolleyes:
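A check for the exposure described in the post above, added here as an example and not taken from the audit it mentions: it walks a web root and reports PHP or Perl scripts that contain database connection credentials and carry a group or other read bit. The function name, the regular expressions and the sample tree are assumptions for illustration.

```php
<?php
// Added example: list scripts that embed database credentials and are readable
// by other accounts. Function name, patterns and sample files are hypothetical.
function find_exposed_credential_files(string $root): array
{
    $secret = '/mysql_connect\s*\(|DBI->connect|\$\w*pass\w*\s*=/i';
    $findings = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
    foreach ($files as $file) {
        if (!$file->isFile()
            || !preg_match('/\.(php\d?|inc|pl|cgi)$/i', $file->getFilename())) {
            continue;
        }
        $mode = $file->getPerms() & 0777;
        if (($mode & 0044) === 0) {
            continue;   // no group/other read bit: other accounts cannot open it
        }
        if (preg_match($secret, file_get_contents($file->getPathname()))) {
            $findings[$file->getPathname()] = sprintf('%04o', $mode);
        }
    }
    ksort($findings);
    return $findings;
}

// Constructed sample tree so the check runs offline.
$root = sys_get_temp_dir() . '/audit_demo_' . bin2hex(random_bytes(4));
mkdir("$root/inc", 0700, true);
$samples = [
    // credentials, world-readable
    'inc/db.php' => ['<?php $db = mysql_connect("localhost", "shop", "constructed");', 0644],
    // credentials, owner-only
    'order.php'  => ['<?php $dbpass = "constructed";', 0600],
    // world-readable, no credentials
    'index.php'  => ['<?php echo "no credentials here";', 0644],
];
foreach ($samples as $name => [$body, $mode]) {
    file_put_contents("$root/$name", $body);
    chmod("$root/$name", $mode);
}
foreach (find_exposed_credential_files($root) as $path => $mode) {
    echo "$mode  $path\n";   // mode and path of each finding
}
```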