[UPHPU] store sensitive data in mysql + php web application
Jonathan Duncan
jonathan at bluesunhosting.com
Tue Jun 30 11:20:24 MDT 2009
On 30 Jun 2009, at 11:00, CarSign wrote:
> I am needing to store sensitive data like a Social Security Number
> in our database that will be used by our web application.
>
> Should the data be encrypted by PHP before it is passed to mysql OR
> should it be encrypted by mysql OR should I encrypt in both places
> so that it is double encrypted?
>
OR you could forget trying to do it yourself and rent a PCI compliant
data store. Authorize.net had a Customer Information Management
offering that is PCI compliant. Ask MGeary, as he has worked with it
quite extensively.