chrometweaks.org

What's the Best Free Website Creation and iPage hosting service?

Click Here To View All Answers...


Got a quick question: What's the Best Free Website Creation and iPage hosting service? Thanks in advance for any comment. 2nd question I got is.. Going through the DB I noticed that CC numbers aren't encrypted in anyway. Barring me missing a Configuration Option I think this is a rather big problem..

God forbid someone gets into my system or just access to the DB, they now have tons of CC's (I like to pretend one day I'll have tons of orders :.

Has anyone thought of running at least MD5 hash on orders that have been processed? Or at whatever Order_Status you set?.

Because at some point there really shouldn't be a need for a CC#?.

Thoughts? A little help?.

Thanks..

Comments (117)

I would like to know the answer too. Anyone here know what is the answer to your question. I'll do some Googling and get back to you if I find an useful answer. You should email the people at iPage as they probably could help you..

Comment #1

This helps somewhat... I think my situation might not really allow this to work. But it is definitely something to think about..

I think I'm going to write a function to encode the CC's fully after the Status is changed though..

If it's clean enough I'll make a contribution out of it..

Thanks for the head's up, dunno how I missed the Split before...

Comment #2

There already is at least one contribution that does the encryption. But you need to keep the key in the files, so it may not be all that helpful..

I use the "split" method and delete the info from the database after filling the order (paper records are kept.) That way the whole number is not in the database and all the CC info goes away soon...

Comment #3

Yes that is a issue, but I dont think it effects many people which is the reseson there are not many solutions.

Most people use Processing services like Authorize.net so there is no need for the storage of the numbers, it is all handled by the processor..

Comment #4

Some day I too hope to be able to use an automatic processing site/script. Amazing how some people are such techno dinosaurs..

Thanks for the feedback...

Comment #5

Going through the DB I noticed that CC numbers aren't encrypted in anyway. Barring me missing a Configuration Option I think this is a rather big problem..

God forbid someone gets into my system or just access to the DB, they now have tons of CC's (I like to pretend one day I'll have tons of orders :.

Has anyone thought of running at least MD5 hash on orders that have been processed? Or at whatever Order_Status you set?.

Because at some point there really shouldn't be a need for a CC#?.

Thoughts? A little help?.

Thanks..

Comment #6

Admin -> Configuration -> Modules -> Credit Card.

Edit to "Split Credit Card E-Mail"..

Comment #7


This question was taken from a support group/message board and re-posted here so others can learn from it.