The more secure way to store sensitive data - txt vs. dbase

new7media

I am working with a group that wants to take donations online through their web site. Their web hosting account includes access to SSL. It doesn't include PGP or some other way to do secure e-mail transmission. They don't have the funds to set up an online merchant account for this; instead they will manually process all credit card donations.

Right now we are setting up a PHP-based donation form and plan to call the form through SSL (https). We are looking at two ways to store this data -- text file vs. MySQL database -- and I'm wondering if anyone has info about wh/ would be the better way to go.

(1) All input in the form gets saved to a text (.txt) file that resides in a password-protected (.htaccess) folder on the web server. When someone makes a donation the PHP script includes an e-mail trigger so that a message is automatically sent to a staff member letting them know they need to deal. We can build in a "delete" tool so that once the data has been collected overwiting the text file with a clean one is a simple one-click process.

(2) We have MySQL dbase access with this account -- is it safer to use SSL to transmit form data to the database for storage purposes? We would build in different views of the data, as required, and staff could then view/collect the sensitive info from a browser via https. We can build in deletion capabilities so that sensitive data is easy to remove.

Which would be the more secure way to go? Where are the holes in either of these? Is there a PHP encryption trick that we're missing?

Any help is greatly appreciated!

eoghain

Using MySQL would be a better route to take. I'm not saying that it'd be safer just better. Having the ability to store your users information in the database is going to give you many more benefits than using plain text files.

As for security you could look into encryption, I believe that MySQL has encryption functions, to secure the credit card information. But if you are storing the credit card number, no matter for how short a time, on the web then it is insecure. Nothing is perfect and if someone wants that information they will get it. The safest thing to do is have a database that holds that information that isn't connected to the web.

new7media

Understood. The reporting benefits of d-base storage are good to note.

It does seem that storing sensitive data in the d-base would be a little more secure in that with the text file, you just have to get to the file and you have everything. Versus storing it in the MySQL dbase, maybe over several tables or something like that to break up the data, would make stealing a little harder to do? Not impossible....but more of a hassle?

eoghain

"Security through Obscurity" is never a good choice. I'd spend a lot more time in figuring out how you are going to protect your customers data. Cause if you have even one slip up, no one will trust your company again and everyone will know about it. With the internet it is very easy for disgrunteled people to get word out about a company that they don't want people to do business with.

jayc

I know this is going off topic of what you were asking, but have you considering taking the donations through PayPal? It'd save the time of worrying about security and manually processing the transactions. Check out paypaldev.org for more information on using IPN.

Just a thought.