Which is the safest way?

Anon

Hi.
My site is on a hosting sever.
I need to transfer credit card information from a user to the administrator.
User fills the form and sends it to the server through SSL.

Then I have two options:
1. Storing the information in the database on the server and show it to the administrator through SSL.
2. Emailing the information to the administrator right away.

Which option is more safe? How do I make it safe? Encrypting? What do I use for encrypting?

Any ideas?

cornelalexa

The first way can be a solution but you must store the CreditCard numbers and customer information in encrypted form.This can be a problem since you must use a reversible ancryption algoritm.This need a password and the password is somwhere in your php scripts.
So if you trust... the people from your Hosting company then can be a way.

The second way can be accomplished by using the PGP .This work with two keys.One private and one public.So any encrypted data with the public Key wich is on the server an can be seen by others, can be decrypted only with the private key(witch you give to the Admnistrator).
So you can prepare an Email,encrypt'it with the public key and send'it to the admin.
It's a more safe alternatie.
Hope to help.

Anon

Thanks for the ideas.

I don't trust my hosting company, so I will go for the second option.

Do I need any special software installed on the server?
How do I safely transfer a private key to the Administrator?
Will a basic skilled user be able to decrypt the PGP encrypted email?

cornelalexa

I sugest you to do a search on the google for the "USING PGP WITH PHP".You will find a lot of info.

You can ask the Administrator to generate the key.In this way you can get the public one for the server and he can keep the private one.

All the best.

Anon

thanks a lot. I'll try that.