Jessica Kennedy wrote: > I need some help finding a secure way to store credit cards on a website I am > working on.
1. Don't 2. No really, don't I've had to do it once. I wasn't happy about it. I made the client sign a waiver saying that I was in *no* way responsible if anything ever happened and the server was compromised. It still scared the hell out of me, so I had to be devious in the storage. I set up 6 fields in the database. I *split* the card numbers up into six different "chunks", merged each one of those chunks back into 6 legit looking card numbers, and then encrypted, using different encryption methods for each field, them all into the six fields. I figured the chances of somebody comprising the database, un-encrypting all six fields, and then figuring out which part of each number needing to be combined together into the real number was pretty slim... Paranoid? Oh yea... Better than nothing ... But hey, DON'T. Seriously. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305931 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
