Encryption of user data for CS-Cart

Hello@all,



We need a very secure online shop for our customers, so that the web host can't show and read user data such as name, address and so on.



How is that possible?



And if you are a coder and it is not possible with the default CS-Cart, what are the costs of it?



Thanks very much for a fast answer!

Well, depending on how secure you want to be… the answer can vary.



You can use str_rot13() on some of the database fields that are most sensitive, like email, contact info…



Just need a little wrapper around DB function that would detect needed tables and shift the data.



You can even have your own function…



If you want encryption, not a simple rotation, your fields will get larger, thus, you would need to edit DB field lengths…



The cost… Depends how secure you want to be. However, with a general setup, you might make the DB useless for any hosting pirate, but if they put their time into extracting code from your PHP files, they will be able to reverse it. It would just take time for them to learn where and what makes it readable text.



Isn't the best way to have a dedicated machine and just lock it tight without any backdoors for your hosting provider…?
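The difference between the rotation and the encryption mentioned in the post above, as an added example (not code from the thread or from CS-Cart): ROT13 is undone without any key, while authenticated encryption with PHP's bundled libsodium needs a key and makes the stored value longer. The function names and the sample e-mail are constructed for illustration, and the key is generated inline only so the script runs; whoever can read the key can still decrypt, which is the limitation the post describes.

```php
<?php
// ROT13 has no key: applying it a second time returns the original text.
function rot13_field(string $plain): string {
    return str_rot13($plain);
}

// Authenticated encryption with libsodium (bundled with PHP >= 7.2).
// Stored value: base64(nonce || ciphertext with MAC).
function encrypt_field(string $plain, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $boxed = sodium_crypto_secretbox($plain, $nonce, $key);
    return base64_encode($nonce . $boxed);
}

function decrypt_field(string $stored, string $key): string {
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $boxed = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($boxed, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('wrong key or tampered data');
    }
    return $plain;
}

// Column length needed to store a plaintext of up to $maxLen bytes.
function stored_length(int $maxLen): int {
    $raw = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES
         + SODIUM_CRYPTO_SECRETBOX_MACBYTES + $maxLen;
    return 4 * intdiv($raw + 2, 3); // base64 with padding
}

$email = 'customer@example.com';         // constructed sample value
// Assumption: a real shop loads this key from somewhere the database
// (and ideally the web host) cannot read; generated here for the demo.
$key = sodium_crypto_secretbox_keygen();

echo "rot13:       ", rot13_field($email), "\n";
echo "rot13 twice: ", rot13_field(rot13_field($email)), "\n";
$stored = encrypt_field($email, $key);
echo "encrypted:   ", $stored, "\n";
echo "length:      ", strlen($email), " -> ", strlen($stored),
     " (column needs ", stored_length(strlen($email)), ")\n";
echo "decrypted:   ", decrypt_field($stored, $key), "\n";
```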

Hi TexasGuy,



Yes, we would like the data to be very, very secure. The best would be if the clients' data can't be cracked! What options do we have for this? Or what solution are you thinking of? And what are the costs?

The question is, would your hosting provider have physical disk access to your PHP files?



If yes, then there is no way to accomplish this to a good degree of security. They would be able to reverse engineer any key requests or algorithms used. You would still need a server inaccessible to untrusted personnel. If you will get one of those then why not have the whole cart running on one in the first place?



PS: The security can be relatively uncrackable, but there is no technology that would promise 100% security.

What do you mean by


[quote]

If you will get one of those then why not have the whole cart running on one in the first place?

[/quote]



???



Do you know a really secure but very fast web host for my req.?



OK, I don't need 100%, but 98-99% will be good :slight_smile:

I was talking about an encryption key server, one that would feed the key.



A server is considered secure if your dedicated machine does not have an account for your hosting provider. Just ask your fav hosting if they REQUIRE an account on your machine or not. If you manage it yourself, then likely they never need to log in to your machine; if something happens, they can always physically disconnect the network.



Also, get yourself some wiz Linux admin who can set up accounts properly and manage them. There is no need for encryption of the database if all the settings are correct.



The cost: A trusty person who knows Linux well + any hosting fees.