I just wanted to ask if there was a secure way to store the credit of a client in MySQL.

Let's say he pays $100 and we credit him 100 points in the database. Each point is worth a dollar. Once he is using the system - we subtract a calculated amount from his account and update it in his dashboard - this happens a lot of times daily.

I just wanted to check with you folks here if this was the correct way to do this? Because someone might hack the system and update his amount to 100,000 and use the system endlessly... It's like a prepaid system where one gets billed for what resources he uses etc...

I wanted to secure it somehow and in a manner that we could do calculations with that amount in PHP and update it back multiple times in a day to many users...

Any suggestions?

foxybagga

You can probably just write a script to encrypt those. Not 100% secure, but what is? If you use PHP, here is some sample code: http://stackoverflow.com/questions/5089841/php-2-way-encryption-i-need-to-store-passwords-that-can-be-retrieved – i-- Jan 30 '13 at 14:30

1 Answer

Well ...

  1. hire someone who will be in charge of security, so no-one can hack your system;

  2. make sure all your queries are injection proof;

  3. do regular backups;

  4. create a notification system for yourself, that notifies you of strange activities (let's say, a client used to deposit 100$ every month, and suddenly that number increases 10x);

  5. do regular synchronization of what client spends, and what amount is in bank account available;

  6. log all transactions (@MarkBaker);

  7. encrypt all sensitive data (@apprentice);

etc.

Community
Peon
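
An added example (not code from the question or the answer) of points 2, 5 and 6 from the list above: every balance change is written through prepared statements, logged to a ledger, and the stored balance is reconciled against the ledger sum so a direct edit of the amount is detected. The table names, function names and the integer-cents representation are assumptions made for the illustration.

```php
<?php
// Added example; names are hypothetical. SQLite in-memory is used only so the
// script runs offline; the same PDO calls work against MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance_cents INTEGER NOT NULL)');
$db->exec('CREATE TABLE ledger (id INTEGER PRIMARY KEY AUTOINCREMENT,
    account_id INTEGER NOT NULL, delta_cents INTEGER NOT NULL,
    reason TEXT NOT NULL, created_at TEXT NOT NULL)');

// Every balance change goes through here: a guarded UPDATE (no debit below
// zero) plus one ledger row in the same transaction, all values bound.
function applyDelta(PDO $db, int $accountId, int $deltaCents, string $reason): bool
{
    $db->beginTransaction();
    try {
        $upd = $db->prepare('UPDATE accounts SET balance_cents = balance_cents + :d
                             WHERE id = :id AND balance_cents + :d2 >= 0');
        $upd->execute([':d' => $deltaCents, ':id' => $accountId, ':d2' => $deltaCents]);
        if ($upd->rowCount() !== 1) { $db->rollBack(); return false; }
        $ins = $db->prepare('INSERT INTO ledger (account_id, delta_cents, reason, created_at)
                             VALUES (?, ?, ?, ?)');
        $ins->execute([$accountId, $deltaCents, $reason, gmdate('c')]);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        if ($db->inTransaction()) { $db->rollBack(); }
        throw $e;
    }
}

// Reconciliation: accounts whose stored balance differs from the ledger sum.
function findMismatches(PDO $db): array
{
    $sql = 'SELECT a.id, a.balance_cents AS stored, COALESCE(SUM(l.delta_cents), 0) AS expected
            FROM accounts a LEFT JOIN ledger l ON l.account_id = a.id
            GROUP BY a.id, a.balance_cents
            HAVING a.balance_cents <> COALESCE(SUM(l.delta_cents), 0)';
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed scenario: $100 deposit, usage charges, then a direct edit.
$db->exec('INSERT INTO accounts (id, balance_cents) VALUES (1, 0)');
applyDelta($db, 1, 10000, 'deposit');
applyDelta($db, 1, -250, 'usage');
var_dump(applyDelta($db, 1, -999999, 'usage'));  // oversized debit hits the guard
var_dump(findMismatches($db));                   // reconciliation before tampering
$db->exec('UPDATE accounts SET balance_cents = 10000000 WHERE id = 1'); // out-of-band edit
var_dump(findMismatches($db));                   // reconciliation after tampering
```

Running the reconciliation query on a schedule and alerting on any returned row covers the notification idea in point 4 for this particular kind of tampering.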