I didn't really propose a one-key system. I used it as an example. When I built one, I used a randomly generated key for each one. I was just explaining it in its simplest form.
Tried and true is usually best.

Dave

----- Original Message -----
From: "Dave Watts" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, October 04, 2001 3:54 PM
Subject: RE: Storing Credit Cards

> > Any system is only as secure as it's programmed and its
> > server shored up. Granted, if you're doing business on the
> > web in a manner that you're going to store credit cards,
> > then you better be able to afford to protect them, whether
> > it's PGP or other. My point is that PGP is not the end all
> > for storing credit cards. You CAN build other systems. Face
> > it, depending on the ability of the hacker, they can get at
> > the cards, no matter where they are. One big problem is when
> > folks put the numbers in databases that are in their web
> > directories. Amazingly, even a short time ago, several high
> > profile sites were storing credit card numbers in databases
> > that were downloadable with a URL. Never put your database
> > (Access) in a web accessible directory.
>
> All of this is true enough. My point was simply that using a single-key
> system as simple as the one you proposed is not nearly as secure as using a
> publicly tested, well-known encryption algorithm, ideally a public-private
> key system. Of course, even with that, you have to secure the keys well.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> phone: (202) 797-5496