I agree with Mark. Wouldn't do it on shared hosting. A dedicated server is quite cheap in the US, you just need to licence all your products. But if you take a Linux / Railo / MySQL path it's all free.

I would encrypt the data, store it in the database. I would not store the key in either code or on the file system. The key should only live in RAM and only while needed. Thus you should get the user to enter the key or the key should be generated by some entered info. I.e. the key is a hash of the username / password. Obviously they can't change their password. Also, be very very very careful that you do not lose the key.

Regards
Dale Fraser

http://dale.fraser.id.au
http://learncf.com
http://flexcf.com

-----Original Message-----
From: cfaussie@googlegroups.com [mailto:cfaus...@googlegroups.com] On Behalf Of Mark Mandel
Sent: Thursday, 26 February 2009 7:34 AM
To: cfaussie@googlegroups.com
Subject: [cfaussie] Re: Cold Fusion Encryption of Bank Details etc

I wouldn't store those sort of details on shared hosting... no way, it's too risky. Even with encryption, you're relying on the shared host to maintain your security, and if someone gets hold of your DB, it's your head on the chopping block, not yours.

If they are running cf8, it's a little better, but I would highly advise setting up a VPS if you're going to go down this route. A good VPS isn't that much more expensive than a decent shared host, and you have full control over your data and security, without the feel of a different shared host trying to take a peek at your data.

Mark

On Thu, Feb 26, 2009 at 1:36 AM, SAMARIS Software <rai...@ozemail.com.au> wrote:
>
> Hi,
>
> My customers are wanting the bank account details and contract details of
> their customers which are being stored on my SQL database to be encrypted in
> order to protect the privacy of the client information. My software
> application stores contact and bank account details of property owners whose
> properties are being managed by my client, hence the need for my client to
> have bank account details and contact details recorded within my cold fusion
> application that has an SQL dbase back end. My software application is used
> at the end of each month to calculate and issue income statements and
> generate aba files to eft payment of income to the property owners.
>
> My application is being hosted with a large cf hosting company in America,
> the application is running on a shared CF hosting service.
>
> Can anyone provide me with some assistance in relation to advice on the best
> approach to protecting the data, i.e. encryption of the data stored on the SQL
> database.
>
> Regards
>
> Claude Raiola
> B.Econ (Acc), B.Hot.Mngt.
>
> Websites:
> www.AustralianAccommodation.com
> www.SAMARIS.NET
> www.WebSiteSolutions.com.au
> Mobile: 0414 228 948
>

--
E: mark.man...@gmail.com
W: www.compoundtheory.com
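Added example, not part of the thread and not ColdFusion code: the approach from Dale's reply (key generated from what the user enters, held only in memory, only ciphertext stored) written in Ruby with its bundled OpenSSL library. It assumes a salted PBKDF2 derivation in place of the plain hash mentioned in the post and AES-256-GCM as the cipher; the function names, iteration count and sample values are constructed for illustration.

```ruby
require "openssl"
require "securerandom"

ITERATIONS = 200_000 # assumed work factor, tune for your hardware

# Derive a 256-bit key from the entered credentials. The per-record salt is
# stored beside the ciphertext and is not secret; the key is never stored.
def derive_key(username, password, salt)
  OpenSSL::KDF.pbkdf2_hmac("#{username}:#{password}", salt: salt,
                           iterations: ITERATIONS, length: 32, hash: "sha256")
end

# Returns the values that would go into the database row.
def encrypt_field(plaintext, username, password)
  salt = SecureRandom.random_bytes(16)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = derive_key(username, password, salt)
  nonce = cipher.random_iv        # fresh 96-bit nonce for every record
  cipher.auth_data = username     # binds the ciphertext to its owner
  ciphertext = cipher.update(plaintext) + cipher.final
  { salt: salt, nonce: nonce, tag: cipher.auth_tag, ciphertext: ciphertext }
end

# Raises OpenSSL::Cipher::CipherError when the credentials are wrong or the
# stored row has been altered.
def decrypt_field(row, username, password)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = derive_key(username, password, row[:salt])
  cipher.iv = row[:nonce]
  cipher.auth_tag = row[:tag]
  cipher.auth_data = username
  (cipher.update(row[:ciphertext]) + cipher.final).force_encoding("UTF-8")
end

# True only if the supplied credentials open the row.
def can_decrypt?(row, username, password)
  decrypt_field(row, username, password)
  true
rescue OpenSSL::Cipher::CipherError
  false
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real account data.
  row = encrypt_field("BSB 000-000 ACC 00000000", "owner1", "constructed-passphrase")
  puts decrypt_field(row, "owner1", "constructed-passphrase")
  puts can_decrypt?(row, "owner1", "wrong-passphrase")
end
```

Because the key exists only as a function of the credentials, a row encrypted under one password cannot be opened after that password is forgotten or replaced, which is the key-loss risk the reply warns about.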