RE: Encrypting a credit card field...
Also, when you use Encrypt() it will convert to binary format. Therefore, before storing in a non-binary compatible field or database you need to convert the encrypted string to base64 via ToBase64(). After extracting the information from the database for decryption use ToBinary(), then ToString(), then Decrypt(). This is required because ToBinary() is needed to convert back from base64, but Decrypt() takes a string as its first argument so you need to convert the binary string to a string string ;), then Decrypt(). Whew, did you get all of that? Here are examples:

Encrypt() -
    #ToBase64(Encrypt(FORM.CC_Number, "#APPLICATION.str_Key#"))#

Decrypt() -
    #Decrypt(ToString(ToBinary(qry_GetUserInfo.CC_Number)), "#APPLICATION.str_Key#")#

Justin MacCarthy

----- Original Message -----
From: "Mark W. Breneman" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Wednesday, September 27, 2000 3:46 PM
Subject: Encrypting a credit card field...

Good day,

I am looking for a solution for encrypting a credit card field with CF 4.5 and SQL 7.

I know about CFX_PGP. It sounds like just what I need but I would like to know if there are other solutions. Does anyone know of any other encryption custom tag or of a stored proc for SQL 7 that will encrypt a field with a fair amount of security?

Mark W. Breneman
-Cold Fusion Developer
-Network Administrator
Vivid Media
[EMAIL PROTECTED]
www.vividmedia.com
608.270.9770

--
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
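The store-and-retrieve round trip described in the message above, written out end to end as an added example that is not part of the original thread. The Users table, its CC_Number and User_ID columns, APPLICATION.str_DSN and SESSION.User_ID are assumed names.

```cfml
<!--- Added example. Table, column, datasource and SESSION names are assumptions. --->

<!--- Store: wrap the Encrypt() output in ToBase64() so every byte of the
      ciphertext survives a plain VARCHAR column. --->
<cfset str_Stored = ToBase64(Encrypt(FORM.CC_Number, APPLICATION.str_Key))>

<cfquery name="qry_SaveCard" datasource="#APPLICATION.str_DSN#">
    UPDATE Users
    SET    CC_Number = <cfqueryparam value="#str_Stored#" cfsqltype="CF_SQL_VARCHAR">
    WHERE  User_ID   = <cfqueryparam value="#SESSION.User_ID#" cfsqltype="CF_SQL_INTEGER">
</cfquery>

<!--- Retrieve: undo the steps in reverse order.
      base64 text -> binary -> string -> Decrypt() --->
<cfquery name="qry_GetUserInfo" datasource="#APPLICATION.str_DSN#">
    SELECT CC_Number
    FROM   Users
    WHERE  User_ID = <cfqueryparam value="#SESSION.User_ID#" cfsqltype="CF_SQL_INTEGER">
</cfquery>

<cfset str_Plain = Decrypt(ToString(ToBinary(qry_GetUserInfo.CC_Number)), APPLICATION.str_Key)>

<!--- Round-trip check: a column that is too short or a changed key shows up
      here instead of at billing time. --->
<cfif Compare(str_Plain, FORM.CC_Number) NEQ 0>
    <cfabort showerror="Stored card value did not round-trip.">
</cfif>

<!--- Display only a masked form; the full number is never written to the page. --->
<cfset str_Masked = RepeatString("*", Len(str_Plain) - 4) & Right(str_Plain, 4)>
<cfoutput>Card on file: #str_Masked#</cfoutput>
```

Base64 output is roughly a third longer than its input, so the column has to be sized for the encoded value rather than for the card number.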
RE: Encrypting a credit card field...
For some reason I just thought of this, but I want to make sure ecommerce people know about this, so:

Here's a general tip for everyone who does ecommerce...

You should use <input type="text" autocomplete="off"> for form fields that are used for credit card numbers, or other sensitive data. With this option turned on MSIE's autocomplete will remember everything you type into forms, and that data is stored un-encrypted on the client's computer.

__
Pete Freitag ([EMAIL PROTECTED])
CFDEV.COM / NETDesign Inc.
ColdFusion Developer Resources
http://www.cfdev.com/

-----Original Message-----
From: JustinMacCarthy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 27, 2000 1:18 PM
To: CF-Talk
Subject: Re: Encrypting a credit card field...

There is a cfx_blowfish somewhere, good security, less CPU overhead than PGP, or you could roll your own.
For BlowFish www.counterpane.com and directly http://www.ejim.co.uk/module/encrypt/index.cfm

Justin MacCarthy
Re: Encrypting a credit card field...
Simple solution - DON'T display the credit card number at any time unless the page is secured with strong SSL encryption and even then avoid it if possible.

Use client or session variables to store the CC number - don't use hidden form fields or URL parameters even if you use encryption on the values.

You cannot be too careful with credit card numbers.

--
Rob Keniger
big bang solutions
mailto:[EMAIL PROTECTED]
http://www.bigbang.net.au
Encrypting a credit card field...
Good day,

I am looking for a solution for encrypting a credit card field with CF 4.5 and SQL 7.

I know about CFX_PGP. It sounds like just what I need but I would like to know if there are other solutions. Does anyone know of any other encryption custom tag or of a stored proc for SQL 7 that will encrypt a field with a fair amount of security?

Mark W. Breneman
-Cold Fusion Developer
-Network Administrator
Vivid Media
[EMAIL PROTECTED]
www.vividmedia.com
608.270.9770
RE: Encrypting a credit card field...
You can use the standard encrypt and decrypt in Cold Fusion.

    <cfset thisValue = "#cc_info#">
    <cfset mykey = "fubar">
    <cfset Encrypted_info = encrypt(thisValue,mykey)>

Then decrypt it as needed:

    <cfset origvalue = decrypt(thisvalue,"fubar")>
Re: Encrypting a credit card field...
There is a cfx_blowfish somewhere, good security, less CPU overhead than PGP, or you could roll your own.
For BlowFish www.counterpane.com and directly http://www.ejim.co.uk/module/encrypt/index.cfm

Justin MacCarthy
RE: Encrypting a credit card field...
On 9/27/00, Randy Adkins penned:
> You can use the standard encrypt and decrypt in Cold Fusion.
>
> <cfset thisValue = "#cc_info#">
> <cfset mykey = "fubar">
> <cfset Encrypted_info = encrypt(thisValue,mykey)>
>
> Then decrypt it as needed:
> <cfset origvalue = decrypt(thisvalue,"fubar")>

The last line should read:
<cfset origvalue = decrypt(encrypted_info,"fubar")>

But that's not why I'm writing. I just encrypted 54240015 and the encrypted value is:
0"@/=__S6[H3/0^G':I<(R%D

How secure is that? Just curious. The same number encrypted with cfx_pgp is:

--
Bud Schneehagen - Tropical Web Creations
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
ColdFusion Solutions / eCommerce Development
[EMAIL PROTECTED]
http://www.twcreations.com/
954.721.3452
RE: Encrypting a credit card field...
You can use cfx_hash, for a one way hash, though that may not be the most useful thing for credit card processing.

DC
Re: Encrypting a credit card field...
cfx_encrypt is freeware and uses blowfish:
http://www.ejim.co.uk/module/encrypt/index.cfm

c