>>I'm particularly in need of encrypting/encoding credit card
>>nums before storing them
> 
> 
> Two-way encryption?  Blowfish, with Crypt::CBC.  Storing credit cards is
> a bad idea though.

that really depends on your business - if you are, say, an ISP that invoices
clients monthly, asking them to give you a CC number each month is not
exactly customer friendly :)

at $company we did not encrypt credit card data, which surprised many
people.  but hiding the decryption key from technical people is generally
impossible, and it turned out to be very convenient on many occasions to
have all the client information when resolving various types of elevated
client problems.  sure encrypting it keeps it out of the hands of your sales
people and CSRs.  well, unless you let those people add or change credit
card information, in which case they could be writing them down all day...

the point is that storing them at all is in many cases necessary, but by
encrypting the data you're not eliminating risk at all, just reducing it
(and very slightly at that).  arguing whether simply reducing risk is a good
thing (more barriers) or is a bad thing (false sense of security - ask me in
person some time) is something that people/managers/businesses need to
decide for themselves.

for those interested, "The Art of the Steal" is a fascinating read on this
kind of thing :)

--Geoff

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html