md5 (one way encrypt) Hash pretty much standard way for passwords. I know alot of people that dont even encrypt passwords any more. The thought is if they have hacked your database what do they need the password for :)
As for credit cards,customer details and such Usually requires something around the lines of an (nChiper Key storage box which you would need a backup in case one breaks) to be PCI compliant. I have a cheap way I use for my Web Hosting Billing Software. I have a Ioncube encoded/encrypted php file that Accepts a value and returns an encrypted value. The key for the hash is stored in the file. If my site is compromised they would have to break ioncube's encryption before they can decode any database values. Its just one more step. Ioncube has been broken before but it takes alot of time and money :) Eric On 7/18/07, Tom Chiverton <[EMAIL PROTECTED]> wrote: > > On Wednesday 18 Jul 2007, [EMAIL PROTECTED] wrote: > > Can anyone recommend a good encryption method for sensitive > > information(login details, etc...) stored in database tables? > > Does simply hashing the value before insert solve your problem ? > > -- > Tom Chiverton > > **************************************************** > > This email is sent for and on behalf of Halliwells LLP. > > Halliwells LLP is a limited liability partnership registered in England > and Wales under registered number OC307980 whose registered office address > is at St James's Court Brown Street Manchester M2 2JF. A list of members is > available for inspection at the registered office. Any reference to a > partner in relation to Halliwells LLP means a member of Halliwells LLP. > Regulated by the Law Society. > > CONFIDENTIALITY > > This email is intended only for the use of the addressee named above and > may be confidential or legally privileged. If you are not the addressee you > must not read it and must not use any information contained in nor copy it > nor inform any person other than Halliwells LLP or the addressee of its > existence or contents. If you have received this email in error please > delete it and notify Halliwells LLP IT Department on 0870 365 8008. > > For more information about Halliwells LLP visit www.halliwells.com. > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 and Flex 2 Build sales & marketing dashboard RIAâs for your business. Upgrade now http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:284004 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
