On 1/26/01, Duane Boudreau penned:
>Can anyone tell me what is involved with setting up PGP encryption? I'm
>thinking of using it to encrypt the numbers
>while they sit in the database.
It'll pretty easy with PGP and the CFX_PGP tag if the card is only
being stored so the site owner can retrieve it for processing. The
tag is about 400 bucks now.
It will be more difficult if you are going to use the stored credit
card numbers so the shopper can make future purchases with it using
online processing. You would basically need to create a key pair on
the person's e-mail address and password, encrypt the data with that,
then decrypt the data when they checkout for future purchases. Of
course, in that case, you would need to encrypt their password also
or the setup would be useless. Then try and decrypt their password
the next time they log in and store it as a session variable or pass
it around until they checkout. If they forget their password, you
won't be able to e-mail it to them since it will be encrypted. You'd
have to insert some random password, e-mail it to them, let them log
in, then make them them set a new password, delete the old key pair,
create a new key pair.
And then we have a whole NEW ballgame if their e-mail address changes. :)
This can all be done with the CFX_PGP tag, but it'll take some work.
Sounds like fun! LOL
--
Bud Schneehagen - Tropical Web Creations
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
ColdFusion Solutions / eCommerce Development
[EMAIL PROTECTED]
http://www.twcreations.com/
954.721.3452
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
