Being on the team needing to implement the encryption solution, I have a
question.
Our concern with other CFX tags like CF_PGP, etc. was that the password had
to be stored somewhere accessible to the web server and therefore not as
secure as we want. Will this new tag provide for a way to store the
password where we can block a cracker from accessing it?
Russel
============================================================
Russel Madere, Jr. Senior Web Developer
ICQ: 5446158 http://www.TurboSquid.com
Some days you eat the bear; some days the bear eats you.
============================================================
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 17, 2001 10:18
> To: CF-Talk
> Subject: Re: Storing/Encrypting Credit Cards
>
>
> Just a note on encrypting. I know of a company getting ready to release a
> strong encryption tag that will use 128bit ryndahl encryption algorithm.
> look at www.cfxworks.com for more info. Actually there site is
> still under
> construction, but will be ready soon. It should be released very
> soon and it
> is rock solid from our testing... You can forward any questions to me...
>
> Thanks,
> Robert
>
>
> ----- Original Message -----
> From: "Matt Wisdom" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Wednesday, January 17, 2001 10:47 AM
> Subject: Storing/Encrypting Credit Cards
>
>
> > We need to store credit cards in a certain situation. I realize
> that this
> is
> > recommended against.
> >
> > That being said, I have searched through the archives, and I
> haven't found
> > any solutions that are great. The best I found was to use a solid ( or
> > "pretty good" ;-) encryption for the credit card numbers in the
> database,
> > and then force the hacker to figure out how CF is unencrypting the
> numbers.
> > The other suggestions were ways to further obfuscate this process, but
> none
> > were "100%" solutions.
> >
> > An alternate solution I am considering is to store part of the
> credit card
> > in our database, and part in a user cookie, both encrypted of course. We
> > already have a cookie requirement in the case where we need to store
> credit
> > cards, so that is not a problem. Also, I don't think that the users will
> > mind only being able to access their credit cards from the machine from
> > which they were saved.
> >
> > Is anybody utilizing this method?
> >
> > Matt
> >
> >
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
