I want to encrypt billing information an ecommerce app. I know the argument against storing it, and we are considering not storing it. But I just want to explore options.
So I can encrypt in cf with aes, or in sql server with a certificate and triple des symmetric key, or both cf AND sql server. What is the best choice? What is required for PCI compliance? Also, if I encrypt in sql server with a certificate and key, if I back up the live server and restore locally, will the data be accessible? Are the certificates and keys movable? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:330899 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4