The best thing is to have the information in the database encrypted, as
well as protecting the database on another server and having security
wrappers on it as well :-) The more secure you make the database server, the
better it will be all round :-)

regards

Andrew Scott
ANZ eCommerce Centre
* Ph 9273 0693  
* [EMAIL PROTECTED]


-----Original Message-----
From: Mark W. Breneman [mailto:[EMAIL PROTECTED]]
Sent: 22 August 2000 00:14
To: [EMAIL PROTECTED]
Subject: Stored Credit Card Numbers. Best practice.



I know the first tip I will hear is don't store CC numbers.  But, in this
case I have to store CC numbers.  So, I am looking for any tips I can get on
storing CC numbers.

Let's start off by assuming the "client" info will be stored in one database
and their CC numbers in another.  In this case both on the same MS SQL
server.  Currently I am encoding the CC numbers with (CF) Encrypt.  As I
understand it, this encryption can be broken with a "hacking" tool.  And with
all the Microsoft bugs in IIS regarding viewing the source code, the (CF)
encrypt key in it is not very safe to begin with.

So, I am looking for a better method of encrypting my CC numbers.  Perhaps
MS SQL server can encode a field value?  Any ideas, tips?

Also, do I bother encrypting the relationship id number between the two
databases?  (client info and client CC number)

Any tips or ideas on database design or MS SQL encoding stored procs are
welcome...


Thanks

Mark W. Breneman
-Cold Fusion Developer
-Network Administrator
  Vivid Media
  [EMAIL PROTECTED]
  www.vividmedia.com
  608.270.9770

----------------------------------------------------------------------------
--
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
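
An added example, not code from either poster: field-level encryption of a stored card number where the key is not in the page source, addressing the source-disclosure concern raised in the question. It assumes Node.js, a hypothetical CARD_KEY_HEX environment variable for the key, and AES-256-GCM with the client id bound in as associated data; the card number and ids are constructed test values.

```javascript
const crypto = require('crypto');

// Assumption: the 32-byte key is supplied from outside the web root and the
// source tree (hypothetical CARD_KEY_HEX variable), so a source-code
// disclosure bug does not reveal it.
function loadKey(hex = process.env.CARD_KEY_HEX) {
  const key = Buffer.from(hex || '', 'hex');
  if (key.length !== 32) throw new Error('card key must be 32 bytes (64 hex chars)');
  return key;
}

// Encrypt one card number. The client id is authenticated as associated data,
// so a ciphertext copied onto another client's row fails to decrypt.
function encryptCard(key, clientId, pan) {
  const iv = crypto.randomBytes(12); // fresh nonce for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(clientId)));
  const ct = Buffer.concat([cipher.update(pan, 'utf8'), cipher.final()]);
  // Stored column value: nonce (12) || auth tag (16) || ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt a stored value; throws if the key, client id or data do not match.
function decryptCard(key, clientId, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) throw new Error('stored value too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  decipher.setAAD(Buffer.from(String(clientId)));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Constructed demo values: a random key and a well-known test card number.
function demo() {
  const key = loadKey(crypto.randomBytes(32).toString('hex'));
  const stored = encryptCard(key, 1001, '4111111111111111');
  let swapped = 'rejected';
  try { decryptCard(key, 1002, stored); swapped = 'accepted'; } catch (e) { /* expected */ }
  return { roundTrip: decryptCard(key, 1001, stored), swapped };
}

console.log(demo());
```
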