views:

279

answers:

6

I was thinking that was a good place because it is so temporary yes? I guess when I say 'ok' I mean both secure and ethical as well as practical for the code side of things. Please advise.

+2  A: 

If you are storing credit card data anywhere it should be fully encrypted! Storing in the session may be necessary, perhaps you've got a multi-part form to fill out, but it should be purged as soon as possible.

Soviut
I'd say even in a multi-part form, the CC data should be encrypted for transmission, then saved in the DB until needed again. If you need to reference the CC, use the XXX....1234 format.
James Deville
I don't think it's OK to store CC data in the DB, is it??
shogun
So does that mean I need to use javascript to encrypt it? What if javascript is disabled? How do I encrypt it on the way from the input control to the controller??
shogun
Javascript does not do encryption, the browser. You need to be transmitting your form data across a secure HTTPS connection.
Soviut
+1  A: 

Carefull with PHP sessions on shared hosts. Other users on the same host can steal sessions by creating a simple script that can open your sessions by manually setting the session_id then calling session_start(); If you must store CC nums use db stored sessions that are encrypted and delete promptly. Its in the users best interest to re-ask for the number when needed, savy web users will thank you for it.

Tim Santeford
+1  A: 

Keep in mind that session state may be stored in a database (depending on the configuration). Even if it is temporary in its nature I would make an effort to deal with the value the shortest time possible, and probably try to stay away from the session.

Fredrik Mörk
+1  A: 

Listen to episode #109 of Security Now! with Steve Gibson.

http://www.grc.com/securitynow.htm

In that episode, Steve details how he built his own eCommerce system that stores data in exactly the way you're describing. He doesn't store anything on the server side, but rather collects the data, encrypts and signs it into a binary blob that can't be modified (otherwise the signature won't match when it's resubmitted), and stores it in a hidden form field on the client.

Bob Somers
+1  A: 

The absolute best answer?

No. Don't do it.

The credit card details should be the last portion of your checkout process.

Gregory
A: 

Better yet, store it in application state. More better access. Your controls can bind directly against that as well.

OwenWiseman