Is this secure?

I'm trying to get the credit card information from my database table using an ajax request and display it using Vue. However the table don't have the full credit card number. Its just in the form of xxxx xxxx xxxx 2342 and other things such as exp-month, exp-year etc. But I'm also passing the stripe card-id. Should I do it this way? or should I consider something else?

mehany

10 years ago

Level 13

When it comes to sensitive information, I think this what I would do:

You mentioned you are storing exp-month, exp-year and you pass strip ID to front-end! then secure database connection with a self signed SSL certificate. example

//config/database.php

  'mysql' => array(
  'driver'    => 'mysql',
  'host'      => 'localhost',
  'database'  => 'test',
  'username'  => 'forge',
  'password'  => 'secret',
  'charset'   => 'utf8',
  'collation' => 'utf8_unicode_ci',
  'prefix'    => '',
  'options'   => array(
          PDO::MYSQL_ATTR_SSL_KEY    => '/var/www/cert/client-key.pem',
          PDO::MYSQL_ATTR_SSL_CERT    => '/var/www/cert/client-cert.pem',
          PDO::MYSQL_ATTR_SSL_CA    => '/var/www/cert/ca-cert.pem'
   ),
),

Of course secure website with ssl.
I would Use JWT token on client side to pass sensitive data between the server and the client. Example

I think this is the complex version of how to tackle this! maybe someone else can contribute a simpler better plan :)

1 like

JillzTom

10 years ago

Level 10

@JeffreyWay : Do you use stripe + vue for Laracasts? How do you implement this?

Please or to participate in this conversation.