hi:

I need to make my site secure and I want to understand the most important things I should do to protect my client and my client's customers. They are going to be storing each customer's billing data (including credit card info for recurring billing).

I'm implementing a billing script which is going to automate monetary transactions. I would like this script to be accessible as a function for two distinctly different sections of my project.

My plan is to create two include files for this functionality. One contains the main routine which gathers up all necessary information to make a transaction. The other file contains constants specific to my client's transaction gateway.

What are the most common hack attacks? What are the most critical things I should do in my code to close these holes?

I plan the following:
1) separate transaction routine from constant definitions to make code more difficult to hack.
2) place transaction gateway values into constants so they cannot be altered programmatically
3) put a check at the top of each of my two include files that will EXIT if certain $_SESSION vars are not defined.

Can anyone point out additional safety measures or vulnerabilities of my approach?

    one tip would be change any personal info such as SS# or CC# into non-readable format. So if someone was to take a peek into the database they won't know the CC#

    not sure, you may have already done that.

    if you can change your user name from root to something different it helps from users guessing your account info.
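One way to put items 2 and 3 of the plan in the question together with the reply's tip about storing card numbers in non-readable form, as an added PHP example that is not the poster's or the replier's code (the constant names, the required session keys and the CARD_KEY environment variable are assumptions):

```php
<?php
// Added example, not code from the thread. Constant names, the required
// session keys and the CARD_KEY environment variable are assumptions.
declare(strict_types=1);

// Item 2: gateway values as constants. define() cannot be re-defined at
// runtime, so later code cannot quietly swap the endpoint or merchant id.
define('GATEWAY_URL', 'https://gateway.example/api');      // placeholder
define('GATEWAY_MERCHANT_ID', 'MERCHANT-ID-PLACEHOLDER');  // placeholder

// Item 3: the include refuses to run unless the caller already holds an
// authenticated session carrying every key the transaction routine needs.
function requireSession(array $session, array $required): void
{
    foreach ($required as $key) {
        if (!isset($session[$key])) {
            http_response_code(403);
            exit('Forbidden');
        }
    }
}

// Reply's tip: encrypt the card number before it reaches the database, with
// a key that lives outside the database (here: the environment).
function encryptCardNumber(string $pan, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($pan, $nonce, $key);
    return base64_encode($nonce . $box);   // nonce is not secret; store both
}

function decryptCardNumber(string $stored, string $key): string
{
    $raw   = base64_decode($stored, true);
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $pan   = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($pan === false) {              // wrong key or tampered ciphertext
        throw new RuntimeException('Card data failed authentication');
    }
    return $pan;
}

// Usage at the top of the transaction include (assumed session keys).
session_start();
requireSession($_SESSION, ['user_id', 'customer_id']);
$key = base64_decode(getenv('CARD_KEY') ?: '', true);   // assumed 32-byte key
if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
    exit('Card encryption key not configured');
}
```

Decrypting only at the point where the charge is submitted, and keeping the key out of the database, is what makes a read of the database alone insufficient to recover the number.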
