Welcome Guest, Not a member yet? Register   Sign In
is there a character limit you should aim to stay under regarding storing information in the uri?
#1

[eluser]dadamssg[/eluser]
I have a receipt controller that loads an html receipt view of a certain transaction. Whenever the transaction occurs, i load this view and send it to the customer in an email. Doing it this way also allows for customers to view the receipt in their browser. Right now the emailed receipt doesn't include any cardholder data. No first name, last name, address, method of payment or anything which i would like to change.

I'm trying not to store any cardholder data in my database for any amount of time so i thought i may encrypt the POST cardholder data and put it in the the url when i'm getting the html receipt to send in an email. My concern is that the encrypted first name, last name, address, city, state, zip code, phone, email, method of payment will be too much to safely use in the uri.

I'm pretty sure i wouldn't have to worry about anything if i didn't encrypt the data and just urlencoded() it but i don't know if my server will log all url's called. Figured it be safer to encrypt it.




Theme © iAndrew 2016 - Forum software by © MyBB