Can I install mcrypt on a bluehost site?
I wouldn't think so.Having encrypted files text on the server.
There are many synchronous encryption libraries (encryption with secure key), but there may be implementantion problems sometimes. E.g. you have to use compiled code or include additional libraries. In C/C++ or Java you are able to solve this very simply, but if you are using some scripting languages such as PHP, you do not have valid configuration aviable always. Especially if you are forced to use commercial hosting or restrictive customer conditions.
My question is why do you want to use this?
I want to encrypt users credit card details. An yes I know it is not 100% secure but I will be stroing for a short period ~ 1hr before clearing the data.
Personally I think it's irresponsible if you knowingly store a client's credit card details on a system you know isn't secure... Highly immoral. Don't do it!
Seriously, don't store credit card data on a system like bluehost. Either use an external payment processing system like paypal or moneybookers or whatever, or get a dedicated server.
Originally Posted by mikemcvey
You could be getting yourself into a very sticky legal situation otherwise.
The nature of the bussiness is such that they need to manually process all orders so a payment gateway won't work. Also a dedicated host is still vulnerable...
I'm caught in the middle. I need to store the data somewhere... mcrypt seemed like a good short term solution.
get order (ssl) -> encrypt -> send client e-mail -> client logs in (ssl) -> decrpyt -> data deleted of server
Ant suggestions appreciated if there is another way.
What about this scheme...
Would this be secure?
Taken from another host but I know bluehost has SSL web-mail.
If you don't have a full E-commerce web store / shopping basket setup, you can still take credit card orders on your web site, via a secure order form that sends encrypted details to you via email. In order to do this you will need three things:
1) A merchant account with your bank so that you are able to take 'customer not present' credit card transactions. Your bank will normally provide you with a PDQ machine, which connects via the phone to your bank and allows you to process the credit card details you receive by email from your site.
2) Our SSL secure server account upgrade. See here for further details on the SSL services we offer. Essentially, once you have SSL set up on your site, you'll have a part of your site where you can place pages and scripts that will be fully encrypted with 128-bit encryption when transmitted to your site visitors, as will any input they send back via any forms in your SSL area. The most basic way to collect details is with an HTML form linked to a form-to-mail script (which we can provide) running in your secure area. This then mails the output to an email address of your choice, which should preferably be a mailbox on your Positive account (see below).
3) An email client capable of SSL secure email collection. You should direct any email output from your SSL area to a mailbox in your Positive account, such as a mailbox called 'orders' or suchlike. This means the mail never leaves the server, remains secure and doesn't sit waiting unsecurely at your ISP for collection. You would then use an email client capable of SSL secure email collection to safely and securely download this mail to your computer. Currently Outlook Express, Netscape Mail, the latest version of Eudora and SecureBat have this ability.
I have decied to go for pgp encrypted email..
Hi, I'm new to Bluehost and I happened across this post. I'm not finished transferring the files over yet, but is this something that Bluehost would set up (or is there a way that I can do it myself)?
The reason I ask is because I purchased a module for my site that uses both the Zend libraries and the mcrypt libraries. The author agreed to sell the script only under the condition that a large portion of the source is encrypted. Without both of those libraries enabled, about 1/4 of my site won't work. I see in the knowledgebase on how to enable Zend, but seeing this past implying that mcrypt isn't installed kinda scares me.
The module is related to an arcade piece, nothing to do with account information.
Last edited by Sageth; 07-09-2006 at 09:18 PM.
I am pretty sure that mcrypt isn't installed automatically on bluehost.. but maybe check. From my limited knowledge on mcrypt I think there is 2 version of mcrypt. One that is part of apache.. and one that is just a addon library. I was going to try and hook up that one...
Let me know if you get it running on Bluehost. Be keen to use it.