RE: Storing Credit Card Info

Tue, 17 Jun 2003 20:23:37 -0700 

If that link doesn't work go to:

http://www.perthweb.com.au/

And click on Developer.

==
Peter Tilbrook
Internet Applications Developer
Australian Building Codes Board
GPO Box 9839
CANBERRA ACT 2601
AUSTRALIA

      WWW: http://www.abcb.gov.au/
   E-Mail: [EMAIL PROTECTED]
Telephone: +61 (02) 6213 6731
   Mobile: 0439 401 823
Facsimile: +61 (02) 6213 7287 

-----Original Message-----
From: Matt Robertson [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 18 June 2003 9:51 AM
To: CF-Talk
Subject: Re: Storing Credit Card Info


Holy cow... thats a very scary prospect.  Obviously an SSL connection is the
first step.  Then...

Encrypt the data.  Don't rely on either CF or mySQL's encryption if you can
all possibly avoid it.  My personal favorite encryption method is
cfx_textcrypt from http://perthweb.developer.com.au but I'm sure others on
the list have favorites of their own.

And as soon as you can get those cc numbers off the server, do so.  Remember
you have to ensure the integrity of the transaction throughout, so if you
are planning on transferring to a local db then *that* connection -- be it a
brute force ftp copy (possible under mysql but ugly) or a local cf server
pulling data off the live box via a remote odbc connection -- has to also be
ssl-secured. 

-------------------------------------------
 Matt Robertson,     [EMAIL PROTECTED]
 MSB Designs, Inc. http://mysecretbase.com
-------------------------------------------


---------- Original Message ----------------------------------
From: "Issac Rosa" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Tue, 17 Jun 2003 19:02:14 -0400

>My client has a need to store credit card.  What's the best, cost
>effective, most secure way of doing this?  Is it just better to capture
>the information in the db and then download to a local db, and keep off
>the server?  I'm curious to know what others are doing in this
>situation.  Currently, the application and db (MySQL) are on a shared
>server.
>
> 
>
>Thanks,
>
>Issac
>
>
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. 
http://www.fusionauthority.com/signup.cfm

                                Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Reply via email to