Posted by: ashattuc
Posted on: 2007-04-29 17:24:00
I'm curious if anyone out there stores credit card information on DreamHost's shared servers. I'm trying to figure out if you use encryption methods, can you feasibly store CC info in a shared hosting environment?
Posted by: letun
Posted on: 2007-04-29 17:48:00
Firstly we're not dreamhost employee,rather just customers. And dreamhost isn't such stupid to keep such sensitive information like credit card informations on an insecure place. Although you've a shared hosting customer,your information are stored on dedicated servers and databases(i think so). DreamHosts web panel is always secured and use SSL secure certificates.
6D7=7domain $7#UIP67=1 IP $67#2XDS=200%diskEdited by Letun on 04/29/07 05:53 PM (server time).
Posted by: sdayman
Posted on: 2007-04-29 17:50:00
I wouldn't do it. Being that it's a shared server, there's not much shielding it from other activities on your same webserver, or any other DreamHost server other than a username and a password. Even if it's encrypted, compromised encrypted information is a problem, especially since credit card numbers follow a fixed format. Someone with lots of time has a good chance of brute forcing a crack.
When I've wanted to accept credit card payments, I use PayPal and put a link on my own page for the payment.
-Scott
Posted by: monkeyboy7706
Posted on: 2007-04-29 17:55:00
Think he meant does anyone store credit card info from their own site rather than dreamhost themselves.
I'm sure there are some people out there who have done it but it isn't something I have done and don't think I would, I'd rather not risk being responsible for such sensitive details.
Posted by: letun
Posted on: 2007-04-29 18:01:00
There's many many talent crackers around the world wide web no doubt and they can do many thing to harm people. But if we only think about we've to leave credit for online use and perhaps a day have to put credit card on the show case(just joke)
6D7=7domain+$7#UIP67=1 IP+$67#2XDS=200%disk
Posted by: letun
Posted on: 2007-04-29 18:07:00
Maybe he meant that.... But in regard of storing credit card info on personal website i agree to you(monkeyboy). But aren't SSL certificates useful?
6D7=7domain+$7#UIP67=1 IP+$67#2XDS=200%disk
Posted by: sdayman
Posted on: 2007-04-29 18:27:00
The SSL certificate doesn't apply to the database; just the web connection to prevent people from sniffing the traffic and to provide some authentication.
-Scott
Posted by: Atropos7
Posted on: 2007-04-29 20:33:00
In reply to:I'm curious if anyone out there stores credit card information on DreamHost's shared servers. I'm trying to figure out if you use encryption methods, can you feasibly store CC info in a shared hosting environment?
If you want to encrypt something, you can use GnuPG
openvein.org -//-
Posted by: seiler
Posted on: 2007-04-29 21:47:00
One of the key parts of security would be not describing it in detail on a public forum, so I wouldn't expect many people to give specifics on their procedures.
Some general advice:
- Always use SSL. You can get a cheap cert from places like GoDaddy.
- Always encrypt sensitive data. PGP, GnuPG, etc.
- Consider splitting the credit card number between two different places. Retrieve, rejoin & decrypt later. I believe some shopping carts already do this, by putting most of the # in a DB, then mailing the rest.
- Delete everything that's sensitive from the server ASAP.
- Familiarize yourself with all areas of security for any databases & languages you're using, or pay a pro to make sure it's done right.
- If you're using a third-party script, always make sure it's up to date. The more popular the script is, the more important this step is.
- Secure your home/work PC where the info is retrieved.