-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

William --

...and then William R. Mussatto said...
% 
% On Sun, 1 Dec 2002, David T-G wrote:
% 
% > Date: Sun, 1 Dec 2002 18:42:03 -0500
% > From: David T-G <[EMAIL PROTECTED]>
% > To: mysql users <[EMAIL PROTECTED]>
% > Subject: protecting ccard numbers
% > 
% One way would be to encode the credit card number field using data from 
% an external file for the key and then backup that file separately from 

I thought of that as well.  Putting the key on a CD and having that in
only when it's needed would be good, too, but pretty inconvenient in a
remote server environment.


% the general backups.  Then having the backups w/o the key would be 
% relatively safe from the fourth problem.  You could also programmatically 
% protect the credit cards since even if they could see the field, the 
% information would be protected.

Right.

My next approach is to get a [pgp?] passphrase from the user and cache
that in memory but not save it in the backups; then the hacker would
have to get at the running system to see where in memory to dump.  On
the other hand, it's only as safe as the employees using the passphrase;
an improved approach is to tie it to the account used for access -- but
now we're getting more into the system side than the database side, which
may not be interesting to the list ;-)


% 
% Protection against hackers is another problem since with root access they 
% could see the program, the database and the key, although they shouldn't 
% be together.

Of course not :-)  They have to come together somehow, though, and that's
the trick.


Thanks! & HAND

mysql query,
:-D
- -- 
David T-G                      * There is too much animal courage in 
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED]  -- Mary Baker Eddy, "Science and Health"
http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE968+QGb7uCXufRwARAofpAJ9SXdmDhR9plTUj+0tvPhYc8xqfMwCeIy1Z
XKJJGInZpD51Udt1XA6ODaA=
=SUZ0
-----END PGP SIGNATURE-----
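
The scheme discussed in this message (card number field encrypted with a key that lives outside the database and outside the general backups), sketched as an added example that is not part of the original thread. Table, column and variable names are hypothetical, the key is a constructed value, and the card number is the usual test number; block_encryption_mode and the IV argument assume MySQL 5.6.17 or later.

```sql
-- Added example, not from the thread. All names here are hypothetical.
-- Use CBC with a per-row IV; the server default mode is aes-128-ecb.
SET SESSION block_encryption_mode = 'aes-256-cbc';

-- Constructed 32-byte key for illustration. In the scheme discussed above the
-- application reads it from the external key file (or derives it from the
-- cached passphrase) and binds it as a parameter; it is never stored in a table.
SET @card_key = UNHEX('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f');

CREATE TABLE payment_card (
  customer_id INT UNSIGNED NOT NULL PRIMARY KEY,
  card_last4  CHAR(4)       NOT NULL,  -- kept in clear for display and lookup
  card_iv     BINARY(16)    NOT NULL,  -- random IV, unique per row
  card_enc    VARBINARY(32) NOT NULL   -- ciphertext, padded to 16-byte blocks
);

-- Encrypt on insert with a fresh IV.
SET @iv = RANDOM_BYTES(16);
INSERT INTO payment_card (customer_id, card_last4, card_iv, card_enc)
VALUES (1, '1111', @iv, AES_ENCRYPT('4111111111111111', @card_key, @iv));

-- What a dump or a stolen backup contains: IV and ciphertext, no key.
SELECT customer_id, card_last4, HEX(card_iv), HEX(card_enc)
FROM payment_card;

-- Decrypt only in a session that has been given the key.
SELECT customer_id,
       CAST(AES_DECRYPT(card_enc, @card_key, card_iv) AS CHAR) AS card_number
FROM payment_card
WHERE customer_id = 1;

-- Without the right key the column is not recoverable: this yields NULL
-- (failed padding check) or unreadable bytes, never the card number.
SELECT AES_DECRYPT(card_enc, REPEAT('x', 32), card_iv) AS wrong_key_result
FROM payment_card
WHERE customer_id = 1;
```

With server-side AES_ENCRYPT the key and the plaintext are sent to the server in the statement, so they can show up in any query log the statement is written to and on the wire unless the connection uses SSL. Encrypting in the application before the INSERT keeps both away from the database host.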
