Specifications
the Web server. If you are not the administrator for your Web server (as is likely the case if you
are sharing a server), it might be worth discussing this with your administrator and exploring
security options.
Why Are You Storing Credit Card Numbers?
Having discussed secure storage for sensitive data, one type of sensitive data deserves special
mention. Internet users are paranoid about their credit card numbers. If you are going to store
them, you need to be very careful. You also need to ask yourself why you are doing it, and if it
is really necessary.
What are you going to do with a card number? If you have a one-off transaction to process and
real-time card processing, you will be better off accepting the card number from your customer
and sending it straight to your transaction processing gateway without storing it at all.
If you have periodic charges to make, such as the authority to charge a monthly fee to the same
card for an ongoing subscription, this might not be an option. In this case, you should think
about storing the numbers somewhere other than the Web server.
If you are going to store large numbers of your customers’ card details, make sure that you have a skilled and somewhat paranoid system administrator who has enough time to check up-to-date sources of security information for the operating system and other products you use.
Using Encryption in PHP
A simple, but useful, task we can use to demonstrate encryption is sending encrypted email.
The de facto standard for encrypted email has for many years been PGP, which stands for
Pretty Good Privacy. Philip R. Zimmermann wrote PGP specifically to add privacy to email.
Freeware versions of PGP are available, but you should note that this is not Free Software. The
freeware version can only legally be used for non-commercial use.
If you are a U.S. citizen in the United States, or a Canadian citizen in Canada, you can obtain
the freeware version from
http://web.mit.edu/network/pgp.html
If you want to use PGP for commercial use and are in the United States or Canada, you can get
a commercial license from Network Associates. See
http://www.pgp.com
for details.
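As an added illustration of the task just described (encrypting an email from PHP before it leaves the server), the following is example code written for this page, not the book's own listing. It assumes the PECL gnupg extension is installed, that the recipient's public key is already in the Web server user's keyring, and that the fingerprint and addresses are placeholders.

```php
<?php
// Added example: encrypt an email body with the recipient's PGP public key
// before handing it to mail(). Assumes the PECL gnupg extension is loaded and
// the recipient's public key is already in the Web server user's keyring.
// 'PLACEHOLDER_FINGERPRINT' and the addresses are placeholders, not real values.

function encrypt_for_recipient(string $plaintext, string $fingerprint): string
{
    $gpg = gnupg_init();
    // Fail loudly rather than silently fall back to sending plaintext.
    if (!gnupg_addencryptkey($gpg, $fingerprint)) {
        throw new RuntimeException('Recipient key not found: ' . gnupg_geterror($gpg));
    }
    $ciphertext = gnupg_encrypt($gpg, $plaintext);
    if ($ciphertext === false) {
        throw new RuntimeException('Encryption failed: ' . gnupg_geterror($gpg));
    }
    return $ciphertext; // ASCII-armored PGP message block
}

function send_encrypted_mail(string $to, string $subject, string $body, string $fingerprint): bool
{
    $armored = encrypt_for_recipient($body, $fingerprint);
    $headers = "From: orders@example.com\r\n"
             . "Content-Type: text/plain; charset=us-ascii";
    return mail($to, $subject, $armored, $headers);
}

// Constructed sample notification. Note that the full card number is not put
// in the message at all; only the last four digits are referenced.
$order = "Order 1234 received.\nCard ending 1111 will be charged 49.99.\n";
send_encrypted_mail('orders@example.com', 'New order', $order, 'PLACEHOLDER_FINGERPRINT');
```

If the key cannot be found or encryption fails, the exception stops the script, so no unencrypted copy of the message is ever sent.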
Part III: E-commerce and Security, page 338