Re:[cobalt-users] payment method

[RaQ3 <cobalt@xxxxxxxxxxx>]

"Carrie Bartkowiak" <ravencarrie@xxxxxxxx> wrote on 08.02.01 21:12:47:
>
>Hey guys,
>The system that I'm building is going to have three options for taking
>payment info from the customer:
>1. No credit card/payment data accepted online; instead the customer enters
>all of the *other* information and then when the domain is set up they'll be
>sent instructions on how to pay (like through PayPal, or send them a
>Billpoint or ProPay invoice, etc.)
>2. Credit Card number will be accepted online, where the host can then plug
>it in wherever they do their credit card transactions
>3. Feed the total fee to a link that will lead to whatever secure webpay
>gateway you might use; like PayPal or Clickbank or CCNow or a place like
>that (I know, CCNow doesn't do services, it's an example)
>
>My problem is with Option 2.
>I'm really *really* wary about putting a customer's cc info anywhere on a
>server where there are also hosting clients. Customers with telnet can just
>go and browse into folders and gather information at their leisure - so
>that's out. Even if the folder is password protected, it still won't stop
>someone who's got shell access. (Unless someone can tell me what
>permissions/ownerships to put on a folder so that the server can go in and
>write to a file, but no one from telnet can browse in there except for
>root?)
>I can put the info into a MySQL table but again, I'm not comfortable enough
>with the security to do this.

Hi Carrie !

MySQL looks fine to me. As long as you close it as much as possible
regarding the rights of the users. And of course you should store the
cc-numbers encrypted. Should be OK then.

Greetings !
Thomas

--
InternAd.de
Internet Advertising
Thomas Prosi
tp@xxxxxxxxxxx