In this system (and you know which one I'm talking about) the values aren't
actually committed to the DB until there is something in the cart and that's
where I would do the encrypt/decrypt.  As close to the DB as possible to
avoid deeper system changes.  However, the only thing I really NEED to
encrypt is the payment details like name, CC number and CC expiration date.
Those aren't entered until later so I'd potentially be encrypting/decrypting
data more than is needed.

I'm using AES-128 bit because it is both the fastest and most secure
according to the documentation I've come across so far.  Now that I'm
thinking about your response, maybe it would be better to write something
that would parse out those few values that must be encrypted and decrypt in
a similar fashion to avoid processor/memory spikes during the encryption
process.  I could still do that as close to the DB as possible and the code
wouldn't be terribly difficult.

I think I have my answer.  Thanks!

-Jake

On Fri, Feb 11, 2011 at 10:40 AM, Mark A. Kruger <mkru...@cfwebtools.com> wrote:

>
> My one caution is that encryption is processor intensive. I wouldn't encrypt
> until you actually have a cart (like I wouldn't arbitrarily encrypt every
> session to start with).
>
> -mark
>
>
> Mark A. Kruger, MCSE, CFG
> (402) 408-3733 ext 105
> Skype: markakruger
> www.cfwebtools.com
> www.coldfusionmuse.com
> www.necfug.com
>
>
>
> -----Original Message-----
> From: Jake Churchill [mailto:reyna...@gmail.com]
> Sent: Friday, February 11, 2011 10:32 AM
> To: cf-talk
> Subject: AES Encryption Limits
>
>
> Hello All.
>
> I am working on a database driven session environment that is used on a
> shopping cart.  The cart is not currently PCI compliant so I am working on
> encrypting certain items.
>
> The session is stored in the DB as a WDDX packet in an ntext field.  Rather
> than parsing the structure and encrypting just certain pieces of data, I was
> playing with the idea of encrypting the entire WDDX packet.  This works fine
> in my tests, but I am worried about any possible limits I might reach.
> Theoretically, the WDDX string could be enormous as there is nothing
> limiting the size of carts in this system.
>
> Does anyone know if I'll potentially hit some kind of limit using this
> method of encryption?  This will determine the path I take.  If there is no
> limit, I'll just make my life easy and encrypt the entire thing.  If there
> is a limit, I'll write some code to parse out the structure and only encrypt
> certain members.
>
> Thanks in advance.
>
> -Jake
>
>
>
>
> 
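
The field-level approach discussed in this thread, as an added CFML example that is not code from either poster or from the cart system: only the payment members of the session struct are encrypted before the struct is serialized to WDDX, and they are decrypted after it is read back. The struct layout, the field names, the `enc:` marker and the function names are assumptions made for illustration.

```cfml
<cfscript>
// Added example. Field names are assumptions, not the real cart's schema.
paymentFields = ["name", "ccNumber", "ccExpiration"];

// Demo key only (generateSecretKey("AES") returns a 128-bit key).
// A real key is loaded from somewhere other than the session database.
aesKey = generateSecretKey("AES");

// Encrypt the payment members in place. The "enc:" marker makes repeat saves
// idempotent, so a value that is already ciphertext is never encrypted twice.
function protectPayment(required struct sess, required string key) {
    var i = 0;
    var f = "";
    if (!structKeyExists(sess, "payment")) return sess; // nothing entered yet
    for (i = 1; i <= arrayLen(paymentFields); i++) {
        f = paymentFields[i];
        if (structKeyExists(sess.payment, f) && len(sess.payment[f])
                && left(sess.payment[f], 4) != "enc:") {
            // CBC with no IV argument: ColdFusion generates a random IV
            // and prepends it to the ciphertext.
            sess.payment[f] = "enc:" & encrypt(sess.payment[f], key, "AES/CBC/PKCS5Padding", "Base64");
        }
    }
    return sess;
}

// Reverse of protectPayment; values without the marker are left untouched.
function revealPayment(required struct sess, required string key) {
    var i = 0;
    var f = "";
    if (!structKeyExists(sess, "payment")) return sess;
    for (i = 1; i <= arrayLen(paymentFields); i++) {
        f = paymentFields[i];
        if (structKeyExists(sess.payment, f) && left(sess.payment[f], 4) == "enc:") {
            sess.payment[f] = decrypt(mid(sess.payment[f], 5, len(sess.payment[f]) - 4),
                                      key, "AES/CBC/PKCS5Padding", "Base64");
        }
    }
    return sess;
}

// Constructed sample session; the card number is the usual test value.
sess = { cartItems = [ { sku = "A-100", qty = 2 } ],
         payment = { name = "Test Buyer", ccNumber = "4111111111111111", ccExpiration = "12/2030" } };
protectPayment(sess, aesKey);
</cfscript>
<!--- Cart items stay readable in the packet; only payment values are ciphertext. --->
<cfwddx action="cfml2wddx" input="#sess#" output="packet">
<cfwddx action="wddx2cfml" input="#packet#" output="restored">
<cfset revealPayment(restored, aesKey)>
```

Because only three short strings are encrypted per save, the cost does not grow with the size of the cart.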
