  1. #1
    SitePoint Enthusiast
    Join Date
    Jan 2009
    Posts
    72

    advice about making user details secure

    Hi, I am trying to make a webpage where users can submit their bank account details so that I can process payments to them offline.

    It is important to make this page secure and I was wondering the best way of doing it? Should I simply hold the details in a MySQL database/use an SSL certificate/encrypt the details using md5 etc?

    Just to clarify, the page will simply allow the user to send their bank details to me. All payments will be made offline.

    All this is new to me so any advice is much appreciated.

  2. #2
    SitePoint Addict tuxus
    Join Date
    Feb 2009
    Posts
    254
    If you wish to keep personal information secure, many approaches could be taken. The most common approach is to store them on a system which is not web-facing and encrypt them using SHA-256 or 512. Using SSL is a must for any data being transmitted which you wish to stay secure. I don't know the laws everywhere on banking information storage but it is something to also look at.

  3. #3
    SitePoint Enthusiast
    Join Date
    Jan 2009
    Posts
    72
    thanks for the reply.

    I have set up a testing script and I have managed to store data in my MySQL in the sha512 hash, but how can I read the hash? I still need to be able to access the details in their original format.

    thanks

  4. #4
    SitePoint Addict tuxus
    Join Date
    Feb 2009
    Posts
    254
    Ugh, what was I thinking LOL. I gave you a choice of hashing algos instead of encryption choices (md5 is also a hash algo but it has been cracked), great for passwords, not so great in a situation like this where you want the data back in plain text. Use mcrypt with Rijndael encryption (or you could play with GNUPG but that seems like more effort with little improvement).

  5. #5
    SitePoint Enthusiast
    Join Date
    Jan 2009
    Posts
    72
    thanks again.

    Does anyone know where I can find a ready made function for this? I have searched the forum and the net but I can't really find a simple example?

    Regards

  6. #6
    SitePoint Addict tuxus
    Join Date
    Feb 2009
    Posts
    254

  7. #7
    SitePoint Enthusiast
    Join Date
    Jan 2009
    Posts
    72
    thanks again, I saw that but I wasn't sure where I include the Rijndael cipher?

  8. #8
    SitePoint Addict tuxus
    Join Date
    Feb 2009
    Posts
    254
    look at this line: $td = mcrypt_module_open('des', '', 'ecb', '');
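
The distinction raised in posts #3 and #4 (a SHA-512 hash cannot be read back, so the details need reversible encryption), as an added example that is not code from any poster in this thread. It assumes PHP 7.1 or later and uses the OpenSSL extension with AES-256-GCM (AES is Rijndael with a 128-bit block) rather than mcrypt, which was removed from PHP core in 7.2; the function names, key handling and sample data are constructed for illustration.

```php
<?php
// Added example. Assumption: the 32-byte key is loaded from outside the web
// root (ideally on the non-web-facing system) and never stored in the same
// database as the ciphertext.

function encrypt_field(string $plaintext, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('Key must be 32 bytes (AES-256).');
    }
    $iv  = random_bytes(12);   // fresh 96-bit nonce for every record
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed.');
    }
    return base64_encode($iv . $tag . $ct);   // value for the MySQL column
}

function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= 28) {   // 12-byte nonce + 16-byte tag + data
        throw new RuntimeException('Stored value is malformed.');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {
        throw new RuntimeException('Wrong key or tampered ciphertext.');
    }
    return $pt;
}

// Constructed sample data, not real account details.
$key     = random_bytes(32);
$details = 'Sort code 00-00-00, account 00000000';

// One-way: a fixed-length digest with no function that recovers $details.
echo 'sha512 digest: ', hash('sha512', $details), "\n";

// Two-way: the holder of the key gets the original text back.
$stored = encrypt_field($details, $key);
echo 'stored:    ', $stored, "\n";
echo 'decrypted: ', decrypt_field($stored, $key), "\n";

// A modified database value is rejected instead of decrypting to garbage.
$bad = base64_decode($stored);
$bad[strlen($bad) - 1] = chr(ord($bad[strlen($bad) - 1]) ^ 1);
try { decrypt_field(base64_encode($bad), $key); }
catch (RuntimeException $e) { echo 'rejected:  ', $e->getMessage(), "\n"; }
```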

  9. #9
    SitePoint Enthusiast
    Join Date
    Jan 2009
    Posts
    72
    nice one, thanks for all your help.

