However, unlike with passwords, you need to be able to retrieve this credit card information when
required by the order pipeline, so you can't simply use a hash (the hash algorithm is one-way). You'll implement
the credit card data encryption functionality using a number of business tier classes, which you'll see next.
Implementing the Security Classes
So far, two areas need security functionality:
• Password hashing
• Credit card encryption
Both these tasks are carried out by business tier classes that you'll save in the business
directory in the following files:
password_hasher.php: Contains the PasswordHasher class, which contains the static method
Hash() that returns the hash value for the password supplied.
secure_card.php: Contains the SecureCard class, which represents a credit card. This
class can be supplied with credit card information, which is then accessible in encrypted
format. This class can also take encrypted credit card data and supply access to the
decrypted information.
symmetric_crypt.php: Contains the class SymmetricCrypt, which is used by SecureCard to
encrypt and decrypt data. This means that if you ever want to change the encryption
method, you need to modify the code here only, leaving the SecureCard class untouched.
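The separation described above, as an added sketch that is not the book's own code: SecureCard only serializes its fields and delegates all cryptography to SymmetricCrypt, so swapping the cipher touches one class. The method names, the JSON layout, the choice of AES-256-GCM (authenticated encryption via PHP's OpenSSL extension) and the sample card values are assumptions made for illustration.

```php
<?php
// Added sketch: method names, JSON layout and AES-256-GCM are assumptions.
final class SymmetricCrypt
{
    private const CIPHER = 'aes-256-gcm';
    // Returns base64(12-byte IV || 16-byte tag || ciphertext); new IV per call.
    public static function encrypt(string $plain, string $key): string
    {
        $iv = random_bytes(12);
        $tag = '';
        $ct = openssl_encrypt($plain, self::CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
        if ($ct === false) {
            throw new RuntimeException('Encryption failed');
        }
        return base64_encode($iv . $tag . $ct);
    }
    // Throws if the blob is malformed or was modified (GCM tag mismatch).
    public static function decrypt(string $blob, string $key): string
    {
        $raw = base64_decode($blob, true);
        if ($raw === false || strlen($raw) <= 28) {
            throw new RuntimeException('Malformed ciphertext');
        }
        $plain = openssl_decrypt(substr($raw, 28), self::CIPHER, $key,
            OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
        if ($plain === false) {
            throw new RuntimeException('Decryption or integrity check failed');
        }
        return $plain;
    }
}
final class SecureCard
{
    private $fields;
    public function __construct(array $fields) { $this->fields = $fields; }
    public static function fromEncrypted(string $blob, string $key): self
    {
        return new self(json_decode(SymmetricCrypt::decrypt($blob, $key), true));
    }
    public function encrypted(string $key): string
    {
        return SymmetricCrypt::encrypt(json_encode($this->fields), $key);
    }
    public function field(string $name): string { return $this->fields[$name]; }
}
$key = random_bytes(32); // constructed demo key; a real key lives in protected config
$card = new SecureCard(['number' => '4111111111111111', 'expiry' => '12/30']); // constructed test data
$blob = $card->encrypted($key); // the encrypted form that gets stored
echo substr(SecureCard::fromEncrypted($blob, $key)->field('number'), -4), PHP_EOL;
```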
We'll look at the code for hashing first, followed by encryption.
Implementing Hashing Functionality in the Business Tier
Hashing is a means by which you can obtain a unique value that represents an object.