<cf_cya>
I would strongly recommend against storing credit card numbers anywhere.

1. potential for thousands, if not millions, in dollars of liability
2. if the site's customers find out, they will likely go somewhere else (I do when I know a site stores my card #)
3. performance - CF's encryption is too weak - you'd need to use something third-party which would probably be a load increase
4. see #1
5. see #4
6. see #5
</cf_cya>

However, if you just HAVE to keep your users from reentering their card # every time, look at some third party solutions. Microsoft's comes to mind. (Okay ppl - let's pretend like we're mature and not turn this into another pathetic "why Microsoft is bad thread" - I'm just pointing out a potential technology)

I don't know how much faith I have in other companies' security infrastructures, but I'd be willing to bet that it's far better than anything that I could ever hope to build.

----- Original Message -----
From: "Don Vawter" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, November 16, 2001 1:46 PM
Subject: Best practices storing CC

> Any advice on storing credit card info?
>
> My thoughts are that it should be stored in a separate db which is not
> accessible via web and have cf push the info to a template behind the
> firewall to do the actual authorization and push the results back to the
> main server. Does this make sense or am I making it too complicated (or
> leaving something obvious out).
>
> What are recommendations on encryption, is DES ok or do I need something
> else?
>
> TIA
>
> Don