You can use asymmetric-key RSA encryption economically... http://developer.perthweb.com.au/textcrypt.html
I've been using that tool for many years. It's about as safe as you can get for encrypting stored data. Key part of that phrase is "as you can get". The problems with symmetric key encryption were already well-stated. Don't even think of doing that.

In theory a combination of SSL and a 128-bit RSA encryption provide a commercial-strength solution, but I would argue that it's a horrible idea to store credit card info on a server you are responsible for. It's such a gross violation of best or even acceptable practices in the IT and financial industries that the liability you will bear if the chain of custody on the private key is compromised... the liability you will personally incur, as well as what your client will incur... it's not worth the risk.

I would suggest that, if you are storing data, encrypt ALL of it to make the job more difficult. Do not name the fields with hacker-usable names (like credit_card_number). Use symmetric key encryption to encrypt first, then use asymmetric to encrypt that. Access your db server via a 2nd NIC and make that 2nd NIC go to the other server via internal IPs only.

... and say your prayers regularly.

--
[EMAIL PROTECTED]
Janitor, The Robertson Team
mysecretbase.com

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:280270