Posted by Brent Baisley on 05/11/05 22:53
You can't be assured that the data is stored only in RAM. Just about
all systems use some sort of swap space, so what is stored in memory
could end up on disk in a swap file. Of course, if someone is able to
access the swap files on your computer, you're probably dead already.
PHP also stores session information in temp files, so I wouldn't store
credit card info in a session.

From what I have read, you shouldn't retain a credit number any longer
than absolutely necessary. In addition, the full credit card info
should not be stored with your regular database, it should be stored
only on the machine that has to actually charge the credit card. Which
shouldn't be your webserver.

On May 11, 2005, at 1:02 PM, Colin Ross wrote:
> I am working on a bit of code for credit-card processing, so please keep in
> mind, security of the data is essential.
> On part of it I wish to use a buffer, but I wonder if that data is saved
> anywhere on the running system (as a temp file, etc), or is it just held in
> the system's memory?
> My concern is that if an error occurs in the processing, I don't want that
> buffer to remain (with possible valid Credit Card data) on the system...
>
> Colin
>
> p.s. As with other 'touchy' subjects like credit card processing, all valid
> input is appreciated.
>
--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577
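
The points raised in this exchange (a buffer that must not survive an error, and sessions being written to temp files), as an added example that is not part of the original posts. The function name `process_payment`, the `$charge` callable and the session keys are hypothetical, and the card number is a constructed test value.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. $charge is a hypothetical callable
// standing in for the client of the separate machine that charges the card.
// Assumes the caller has already started the session.
function process_payment(string $pan, callable $charge): string
{
    $level = ob_get_level();
    ob_start(); // anything echoed below is held in this buffer, not sent
    try {
        $reference = $charge($pan); // may throw on a gateway or validation error
        // Session data is written to temp files, so only non-sensitive
        // values go in it: a reference and the last four digits.
        $_SESSION['payment_ref'] = $reference;
        $_SESSION['card_last4'] = substr($pan, -4);
        return $reference;
    } finally {
        // Runs on success and on exception: discard every buffer opened
        // since entry so nothing echoed by an error path is flushed.
        while (ob_get_level() > $level) {
            ob_end_clean();
        }
        // Best-effort wipe of this copy (ext/sodium, PHP 7.2+). Copies held
        // by the caller or paged out to swap are outside PHP's control.
        if (function_exists('sodium_memzero')) {
            sodium_memzero($pan);
        }
        unset($pan);
    }
}

// Constructed demo: a standard test card number and a gateway that fails
// after echoing the number, as a careless debug line might.
try {
    process_payment('4111111111111111', function (string $pan): string {
        echo "debug: charging $pan\n";
        throw new RuntimeException('gateway timeout');
    });
} catch (RuntimeException $e) {
    echo 'charge failed: ', $e->getMessage(), "\n"; // the debug line was discarded
}
```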