We need to store credit cards in a certain situation. I realize that this is
recommended against.
That being said, I have searched through the archives, and I haven't found
any solutions that are great. The best I found was to use a solid ( or
"pretty good" ;-) encryption for the credit card numbers in the database,
and then force the hacker to figure out how CF is unencrypting the numbers.
The other suggestions were ways to further obfuscate this process, but none
were "100%" solutions.
An alternate solution I am considering is to store part of the credit card
in our database, and part in a user cookie, both encrypted of course. We
already have a cookie requirement in the case where we need to store credit
cards, so that is not a problem. Also, I don't think that the users will
mind only being able to access their credit cards from the machine from
which they were saved.
Is anybody utilizing this method?
Matt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
