Does AbleCommerce store credit card info in the database?  If so, what
security do they use?

Rich

-----Original Message-----
From: Jennifer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 17, 2001 11:51 PM
To: CF-Talk
Subject: RE: Storing/Encrypting Credit Cards


At 06:11 PM 1/17/01 -0500, you wrote:
>On 1/17/01, Jeremy Allen penned:
> >Next, you should use a public/private key system and encrypt
> >the credit card with a public key, store the private key
> >TOTALLY off the server.
>
>Hi Jeremy. Just curious. If the private key is created with a
>sufficient passphrase, how hard would it be for a cracker to use the
>private key to decrypt the data? It seems it would be difficult to
>use any sort of online encryption/decryption routine without the
>private keys stored on the server.

Part of the problem is that when you store the private key totally off the
server as stated (such as behind a firewall that lies behind the server,
protected from network entry), you have an issue retrieving the credit card
info for the sake of the user, which could be the problem in this case.
Encryption is not as much of a problem as decryption. You can set up your
network to allow decryption behind the firewall behind the server but that
means that you can't put the CC number in the form, which is what this is
normally used for. The server can't make requests to the other side of the
firewall, which is why the private key is safe.

Basically it's a big nasty mess. Besides, if your encryption scheme isn't
strong enough a hacker doesn't need a private key.

You could store the last four digits in the database unencrypted and send
that to the browser for user confirmation but your order processing would
have to be on the other side of the firewall.

Storing credit cards = bad.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
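The split Jennifer describes above, as an added example that is not part of the thread and not code from AbleCommerce, Fusebox or any poster: the web tier holds only the public key and can encrypt a card number but never decrypt one; the back office behind the inner firewall holds the private key and is the only place decryption can happen; the database keeps the ciphertext plus the last four digits in the clear for customer confirmation. It assumes Go's standard-library RSA-OAEP (2048-bit key, SHA-256), a made-up OAEP label, and the widely used Visa test number 4111 1111 1111 1111 as constructed input. Both tiers run in one process here only so the example is self-contained; in a real deployment the key pair is generated on the back-office host and only the public key is copied out.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// oaepLabel (assumed, not from the thread) ties the ciphertext to this one
// purpose so a ciphertext cannot be replayed into another use of the same key.
var oaepLabel = []byte("stored-card-pan-v1")

// StoredCard is all the web tier ever writes to the database: the public-key
// ciphertext of the card number and the last four digits kept in the clear.
type StoredCard struct {
	Last4      string
	Ciphertext []byte
}

// WebTier models the internet-facing server: public key only, so it can
// encrypt new card numbers but has no way to read stored ones.
type WebTier struct{ pub *rsa.PublicKey }

// BackOffice models the host behind the inner firewall that keeps the
// private key and does the order processing.
type BackOffice struct{ priv *rsa.PrivateKey }

// NewBackOffice generates the key pair; only PublicKey() leaves this host.
func NewBackOffice() (*BackOffice, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &BackOffice{priv: priv}, nil
}

func (b *BackOffice) PublicKey() *rsa.PublicKey { return &b.priv.PublicKey }

func NewWebTier(pub *rsa.PublicKey) *WebTier { return &WebTier{pub: pub} }

// luhnValid is the standard Luhn checksum every card number must pass.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// normalizePAN strips separators, rejects non-digits and bad lengths, and
// applies the Luhn check before anything is encrypted or stored.
func normalizePAN(s string) (string, error) {
	var b strings.Builder
	for _, r := range s {
		switch {
		case r >= '0' && r <= '9':
			b.WriteRune(r)
		case r == ' ' || r == '-': // common separators typed by users
		default:
			return "", errors.New("card number contains non-digit characters")
		}
	}
	d := b.String()
	if len(d) < 13 || len(d) > 19 {
		return "", errors.New("card number length out of range")
	}
	if !luhnValid(d) {
		return "", errors.New("card number fails Luhn check")
	}
	return d, nil
}

// Store validates the card number, encrypts it with RSA-OAEP under the public
// key, and returns the record to persist; the plaintext never leaves this call.
func (w *WebTier) Store(pan string) (StoredCard, error) {
	digits, err := normalizePAN(pan)
	if err != nil {
		return StoredCard{}, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, w.pub, []byte(digits), oaepLabel)
	if err != nil {
		return StoredCard{}, err
	}
	return StoredCard{Last4: digits[len(digits)-4:], Ciphertext: ct}, nil
}

// MaskedForDisplay is what the web tier is allowed to send to the browser.
func MaskedForDisplay(c StoredCard) string { return "**** **** **** " + c.Last4 }

// Decrypt recovers the card number behind the firewall. OAEP rejects any
// ciphertext modified in the database; the last-four comparison catches a
// ciphertext swapped between records.
func (b *BackOffice) Decrypt(c StoredCard) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, b.priv, c.Ciphertext, oaepLabel)
	if err != nil {
		return "", errors.New("ciphertext rejected: " + err.Error())
	}
	digits := string(pt)
	if len(digits) < 4 || digits[len(digits)-4:] != c.Last4 {
		return "", errors.New("ciphertext does not match stored last four digits")
	}
	return digits, nil
}

func main() {
	bo, err := NewBackOffice()
	if err != nil {
		panic(err)
	}
	web := NewWebTier(bo.PublicKey())
	// Constructed sample input: the well-known Visa test number, not a real card.
	card, err := web.Store("4111 1111 1111 1111")
	if err != nil {
		panic(err)
	}
	fmt.Println("browser sees:", MaskedForDisplay(card))
	fmt.Printf("database holds: last4=%s, ciphertext=%d bytes\n", card.Last4, len(card.Ciphertext))
	pan, err := bo.Decrypt(card)
	fmt.Println("back office recovers:", pan, err)
}
```

Note that this only removes the private key from the web server; the operational problem Jennifer raises remains, since any workflow that needs the full number (re-billing, refunds, showing it back in a form) has to run on the back-office side. The last-four column is what lets the customer-facing site confirm "card ending in 1111" without ever touching the ciphertext.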
