On 3 May 2001, at 15:52, Tony Schreiber wrote:
> 1) The User's password is stored as a one-way HASH.
> 2) The Credit Card info (list of cc number,exp date and
> verification number) is stored as an ENCRYPTED string with the
> User's raw password as the key.
That's fine as long as the only reason you're storing the
credit card number is to prevent having to ask the customer for
it again the next order. But if that was the only reason for
keeping the number, it seems hardly worth storing it in the
first place -- just forget it as soon as you've charged the
card.
I thought the reason most people kept card numbers around was
for handling credits, delayed charges, and other problems (or
possibly because of record-keeping requirements of their bank),
or because they're doing the credit card charges manually (or
at least with some human intervention) rather than in real
time. It doesn't seem like your solution would work in that
situation.
Keith C. Ivey <[EMAIL PROTECTED]>
Webmaster, EEI Communications
66 Canal Center Plaza, Suite 200
Alexandria, VA 22314
Telephone: 703-683-0683
Fax: 703-683-4915
Web Site: http://www.eeicommunications.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
