I have an e-commerce website. In the backend area I have a page that creates a file on the fly (without saving it on the server) containing very sensitive data (credit card details). To access the page, authorized users have to log in.
The file is then downloaded with these commands:
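[PHP]
// Send the generated CSV to the browser as a file download
header("Content-type: application/octet-stream");
// The filename contains spaces, so it is quoted
header('Content-Disposition: attachment; filename="MB Web Sales - GBP - CAL-99976440-'.time().'batch-opt.csv"');
// Allow the response to be cached for one hour
header('Cache-Control: max-age=3600');
header('Pragma: public');
.........
echo $string;
[/PHP]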
I would like to know whether the data is secure during the download, and if it isn't, what I can do to make it so.
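An added example, not part of the original post: a hardened form of the download above, in which the transfer is refused unless the request arrived over TLS and the response is marked `no-store` so browsers and proxies do not keep a copy. It assumes PHP sees the TLS connection directly (`$_SERVER['HTTPS']` is set) and that the login stores a hypothetical `backend_user_id` key in the session; the function names are illustrative.

```php
<?php
declare(strict_types=1);

// True only when the request reached PHP over TLS. Behind a TLS-terminating
// proxy this value is not set; that setup is outside this example.
function isHttpsRequest(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}

// Response headers for a sensitive, one-time download.
function downloadHeaders(string $filename): array
{
    // Replace anything that could break the quoted filename or inject a header.
    $safe = preg_replace('/[^A-Za-z0-9 ._-]/', '_', $filename);
    return [
        'Content-Type: application/octet-stream',
        'Content-Disposition: attachment; filename="' . $safe . '"',
        'Cache-Control: no-store, private',   // nothing may cache the file
        'Pragma: no-cache',                    // same intent for HTTP/1.0 caches
        'Expires: 0',
        'X-Content-Type-Options: nosniff',
        'Strict-Transport-Security: max-age=31536000', // keep the browser on HTTPS
    ];
}

function sendSensitiveCsv(string $csv, string $filename, array $server, array $session): void
{
    if (!isHttpsRequest($server)) {            // never send card data over plain HTTP
        http_response_code(403);
        exit('HTTPS required');
    }
    if (empty($session['backend_user_id'])) { // hypothetical session key set at login
        http_response_code(401);
        exit('Login required');
    }
    foreach (downloadHeaders($filename) as $line) {
        header($line);
    }
    header('Content-Length: ' . strlen($csv));
    echo $csv;
}

session_start();
$string = "order_id,amount\n1001,25.00\n";    // constructed sample data
sendSensitiveCsv($string, 'MB Web Sales - GBP - CAL-99976440-' . time() . 'batch-opt.csv', $_SERVER, $_SESSION);
```

The headers themselves encrypt nothing: confidentiality in transit comes from the TLS connection, which is why the function stops before any output when the request is not HTTPS.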