SSL?

bjblackmore

Hi,
I have a secure server, and a page that people put credit card info into. How do I get that info into the secure server? Is there a script that will do it? Or do I just open a file, and write the info into the file, under the secure directory?
Cheers
Ben

Anon

you only have to open the page. SSL goes down the web application so you don´t have to do anything.

The server do it for you.

bjblackmore

Yeah, but what do I need to do?
People fill in the form, press submit, then what? Do i need to post something? Store it in a file? What do I need to call?
Ben

Anon

ehhh???

I think you need to read the manual on php.net.

Anon

Where would I find that part of the manual? I just searched php.net for ssl and secure, but it didn't find any specific funtions?
Cheers
Ben

amcgrath

well, if people are accessing the credit card page via the secure server, you've already done it. I think the question you are asking (though you didn't) is what do you do with the data once it is submitted... let me know....and whatevre you do, do NOT write the credit card data to file (if you do, please write a cron to email me that file once a day 😉

Anon

Yeah, thats what I want, they fill in the form, press submit, then what? Do i e-mail it to my client, using pgp? or encrypt it in a database or what?
Cheers
Ben

amcgrath

Are you processing the charge? a la Cybercash, paypal, etc... If you are storing it into the database, you might want to encrypt it, yes. I would not email the account. If you are processing it through an online bank, then do you really need to keep the data stored somewhere?

bjblackmore

I'm not calculating it yet! Not that advanced yet, maybe later. At the moment, they just buy the item, and add their credit card info. I don't really want to store it anywhere for security, so I thought encryping it via pgp and sending it via email would be best!
Cheers
Ben

Anon

Dear Ben:

It´s very dangerous to send credit card numbers to email and to store credit card numbers in a database or in a file.

I think you have two good options:
- talk with a bank and they give you a script to put in your web using SSL to comunicate with them.(easy)

-again, talk with a bank and they give you a SET (SEcure Electronic Transaction) information to comunicate with them.(more difficult)

If you do that you don´t have to store any credit number and you sleep tranquil.