I’m curious if anyone out there stores credit card information on DreamHost’s shared servers. I’m trying to figure out if you use encryption methods, can you feasibly store CC info in a shared hosting environment?
Firstly, we’re not DreamHost employees, just customers. And DreamHost isn’t so stupid as to keep sensitive information like credit card information in an insecure place. Although you’re a shared hosting customer, your information is stored on dedicated servers and databases (I think so). DreamHost’s web panel is always secured and uses SSL secure certificates.
I wouldn’t do it. Being that it’s a shared server, there’s not much shielding it from other activities on your same webserver, or any other DreamHost server other than a username and a password. Even if it’s encrypted, compromised encrypted information is a problem, especially since credit card numbers follow a fixed format. Someone with lots of time has a good chance of brute forcing a crack.
When I’ve wanted to accept credit card payments, I use PayPal and put a link on my own page for the payment.
I think he meant: does anyone store credit card info from their own site, rather than DreamHost themselves.
I’m sure there are some people out there who have done it but it isn’t something I have done and don’t think I would, I’d rather not risk being responsible for such sensitive details.
There are many, many talented crackers around the World Wide Web, no doubt, and they can do many things to harm people. But if we only think about that, we’d have to give up credit for online use and perhaps one day have to put the credit card in a showcase (just a joke).
Maybe he meant that… But with regard to storing credit card info on a personal website, I agree with you (monkeyboy). But aren’t SSL certificates useful?
The SSL certificate doesn’t apply to the database; just the web connection to prevent people from sniffing the traffic and to provide some authentication.
If you want to encrypt something, you can use GnuPG
One of the key parts of security would be not describing it in detail on a public forum, so I wouldn’t expect many people to give specifics on their procedures.
Some general advice:
Always use SSL. You can get a cheap cert from places like GoDaddy.
Always encrypt sensitive data. PGP, GnuPG, etc.
Consider splitting the credit card number between two different places. Retrieve, rejoin & decrypt later. I believe some shopping carts already do this, by putting most of the # in a DB, then mailing the rest.
Delete everything that’s sensitive from the server ASAP.
Familiarize yourself with all areas of security for any databases & languages you’re using, or pay a pro to make sure it’s done right.
If you’re using a third-party script, always make sure it’s up to date. The more popular the script is, the more important this step is.
Secure your home/work PC where the info is retrieved.
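An added example, not part of any post in this thread, for the "split the number between two places" advice above. Cutting the digits in two leaves each piece readable, so this sketch substitutes a different technique: it XORs the number with a random pad (2-of-2 secret sharing), which is not what the poster or any shopping cart is known to do. The function names and the test number 4111 1111 1111 1111 are assumptions made for illustration.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    if not (pan.isascii() and pan.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def split_pan(pan: str) -> tuple[bytes, bytes]:
    """Return two shares; each one alone is uniformly random bytes."""
    pan = pan.replace(" ", "").replace("-", "")
    if not (12 <= len(pan) <= 19 and luhn_ok(pan)):
        raise ValueError("not a plausible card number")
    data = pan.encode("ascii")
    pad = secrets.token_bytes(len(data))              # share A: e.g. the database
    masked = bytes(x ^ y for x, y in zip(data, pad))  # share B: e.g. sent off-server
    return pad, masked

def join_pan(share_a: bytes, share_b: bytes) -> str:
    """Recombine away from the shared host; reject shares that do not match."""
    if len(share_a) != len(share_b):
        raise ValueError("share lengths differ")
    raw = bytes(x ^ y for x, y in zip(share_a, share_b))
    pan = raw.decode("ascii", errors="replace")
    if not luhn_ok(pan):
        raise ValueError("shares do not recombine to a card number")
    return pan

def display_form(pan: str) -> str:
    """Masked form for receipts: last four digits only."""
    return "*" * (len(pan) - 4) + pan[-4:]

if __name__ == "__main__":
    a, b = split_pan("4111 1111 1111 1111")   # constructed test number
    print(display_form(join_pan(a, b)))
```

Each pad must be generated fresh and used once; the shares still reveal the length of the number.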