What do you usually do to make a mysql / php combo more secure.
- Validating the form input within the php script
- Limit the db user account to the action the script should do
- Firewall the db ports
- Use safe passwords
I am wondering if you have anything else in mind to lock the cc information in the db.
Encryption of certain db fields? How to store the keys ...