At 14:21 1/10/01 -0600, you wrote:
>I've tried to get some help for this from the sql lists but haven't got any
>response, so I'm going with the trusty CF group on this. What I'm looking
>for is software to encrypt certain table fields in a sql 7.0 database. I
>would also like to hear from any of you on how you handle sensitive data,
>either on the database side, or through your applications. I'm referring to
>things like credit card information.

It depends on how you are delivering the final order to the merchant.
Is it by email with the plain text credit card included? If so, why
even bother encrypting the data in the database? You're already sending
plain text credit cards via the most easily hackable form of communication.

If you are sending the merchant a secure, PGP encrypted credit card number
(as we do), then I would just store the encrypted version of the credit
card. Also store the last 4 digits clear text. Then when a user comes back
to the site, you can show them the last 4 digits, and if they indeed do
want to use that card, just use the PGP encrypted block you have stored.
If anyone were to ever hack into your database, all they will get is
a bunch of gibberish; it's worthless without the private key file AND
the associated password.

You didn't really mention how you are going to use these cards, so I don't
know if this info will really help you or not. Good luck.

Ryan
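
The storage pattern described in the reply above, as an added example that is not part of the original message: RSA-OAEP from Node's built-in crypto module stands in for PGP here. The function names, row fields, test card number and passphrase are all constructed for illustration.

```javascript
// Added example: Node's built-in RSA-OAEP is used as a stand-in for PGP.
const nodeCrypto = require("node:crypto");

// Constructed sample values: a well-known test card number, not real data.
const PASSPHRASE = "constructed-passphrase";
const TEST_PAN = "4111111111111111";
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Done once, away from the web server. The private key PEM is itself
// encrypted under the passphrase, so the key file alone cannot decrypt.
function makeMerchantKeys(passphrase) {
  return nodeCrypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem", cipher: "aes-256-cbc", passphrase },
  });
}

// Web server side: only the public key lives here. The row keeps the
// encrypted block plus the last 4 digits in clear text for display.
function buildCardRow(publicKeyPem, pan) {
  const digits = pan.replace(/[\s-]/g, "");
  if (!/^\d{12,19}$/.test(digits)) throw new Error("not a card number");
  const block = nodeCrypto.publicEncrypt(
    { key: publicKeyPem, ...OAEP }, Buffer.from(digits, "utf8"));
  return { last4: digits.slice(-4), encrypted_block: block.toString("base64") };
}

// Merchant side: needs the private key file AND its passphrase.
function merchantDecrypt(privateKeyPem, passphrase, row) {
  const plain = nodeCrypto.privateDecrypt(
    { key: privateKeyPem, passphrase, ...OAEP },
    Buffer.from(row.encrypted_block, "base64"));
  return plain.toString("utf8");
}

// True when the stored block cannot be opened with what the caller holds,
// e.g. a copied key file with a wrong or missing passphrase.
function decryptFails(privateKeyPem, passphrase, row) {
  try {
    merchantDecrypt(privateKeyPem, passphrase, row);
    return false;
  } catch (err) {
    return true;
  }
}
```
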

