MD5 encryption of passwords is secure since you do not need to decrypt the password ever (in fact you can't). You just encrypt the password that the user entered and check if the MD5 of each password is the same, then the user most likely entered the correct password.
----- Original Message ----- From: "Sascha Braun" <[EMAIL PROTECTED]> To: "PHP Mailingliste" <[EMAIL PROTECTED]> Sent: Tuesday, August 13, 2002 10:52 AM Subject: AW: Re[2]: [PHP] Credit Card suggestions > If there is no secure way to store creditcards on webservers, please tell me > about how secure it is to encrypt passwords with md5 encryption. > > I want a password secured area in my website where I store some company > concepts I invented. I'm searching for people who got enough money to make > these concepts happen in true life, but I don't want these people to look at > the concepts before I don't have there Personal Data. > > If someone is interestet and German speaking you may look at > www.weitsicht.org, but the site isn't finished yet. some things don't work > on other browsers than IE. > > Thanks > > Schura > > > > -----Ursprungliche Nachricht----- > Von: Geoff Caplan [mailto:[EMAIL PROTECTED]] > Gesendet: Dienstag, 13. August 2002 10:20 > An: Mike Mannakee; [EMAIL PROTECTED] > Betreff: Re[2]: [PHP] Credit Card suggestions > > > Mike, > > >>Does anyone have any suggested method of scrambling a user's credit card > >>number before I stick it in a mysql database? > > With respect, if you have to ask the question, you don't have the > technical skills to do this safely. In particular, there is no way to > keep the numbers secure if you are storing them on a machine which can > be accessed directly from the internet. Both your encryption keys and > your card numbers would have to be stored on a back-end machine > protected by a sophisticated firewall. > > Payment gateway providers have to meet challenging standards and > undergo rigorous audits from the banks before they are allowed to > store numbers. Much your best solution is to use one of these > providers, who will store the card numbers for you. You can then do > all the transactions you require, such as repeats, refunds etc without > ever having to store the card number. Many providers offer the options > of using forms on their servers, or using your own SSL forms and > posting them the data using the SSL. With the CURL library, writing an > interface for this is relatively trivial. > > Many countries (such as the UK where we operate) have laws about the > storage of credit cards on computer networks, so what you are planning > may even be illegal! > > -- > Geoff Caplan > Advantae Ltd > > mailto:[EMAIL PROTECTED] > http://www.advantae.com > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
