Bungholio
07-17-2003, 09:44 AM
Hi, thanks for looking!
I just wanted to ask a few general questions about taking credit card info via a form etc... I did a quick look over the forum, but didn't see anything :)
I currently have a small shopping cart I've made where people can order photos from a photographer. The orders get stored in a DB and when they view their cart, all the orders that have their SessionID (a custom one, not the default PHP one) get displayed. Anyway, all that works fine, but now I'm getting close to the check-out process.
I have got 128-bit SSL installed on the site, so I have https://. Now, I'm going to have the user come to the payment page; it will display all they want and have a form for them to enter all their info: name, address, credit card. This will all be on the https://formpage.php. From what I understand, https means you have encrypted sending of information from the user to the server, right? Therefore I think everything should be fairly secure so far.
Unfortunately my client doesn't want to pay for Authorize.net or this would be much simpler ;) ... So if all goes well, the client has done their order and put in their info, and it has been sent encrypted to the server. Now I'm looking for any suggestions as to the best way to get that info to my client. I understand that if I send that in an email, it would not be secure... so I'm thinking, maybe store it in a DB? Is that secure? ... I do have an admin section on the site (uses .htaccess) so I can add a page for my client to view orders, and I would make sure it's on https:// .. want to keep that encryption ;) ...
But what do you think? Is that the best way to get the user info and give it to my client? ... I'm kinda new at this security stuff, it's my first e-commerce site ... please let me know if you have any tips or suggestions, I really appreciate it!
Thanks,
Allan