RE: Encrypting a credit card field...
Also, when you use Encrypt() it will convert to binary format. Therefore, before storing in a non-binary compatible field or database you need to convert the encrypted string to base64 via ToBase64(). After extracting the information from the database for decryption use ToBinary(), then ToString(), then Decrypt(). This is required because ToBinary() is needed to convert back from base64, but, Decrypt() takes a string as its first argument so you need to convert the binary string to a string string ;), then Decrypt(). Whew, did you get all of that? Here are examples: Encrypt() - #ToBase64(Encrypt(FORM.CC_Number, "#APPLICATION.str_Key#"))# Decrypt() - #Decrypt(ToString(ToBinary(qry_GetUserInfo.CC_Number)), "#APPLICATION.str_Key#")# Justin MacCarthy - Original Message - From: "Mark W. Breneman" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Wednesday, September 27, 2000 3:46 PM Subject: Encrypting a credit card field... Good day, I am looking for a solution for encrypting a credit card field with CF 4.5 and SQL 7. I know about CFX_PGP. It sounds like just what I need but I would like to know if there are other solutions. Does any one know of any other encryption custom tag or of a stored proc for SQL 7 that will encrypt a field with a fair amount of security? Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Encrypting a credit card field...
For some reason I just though of this, but I want to make sure ecommerce people know about this, so: Here's general tip for everyone who does ecommerce... You should use input type="text" autocomplete="off" for form fields that are used for credit card numbers, or other sensitive data. With this option turned on MSIE's autocomplete will remember everything you type into forms, and that data is stored un-encrypted on the client's computer. __ Pete Freitag ([EMAIL PROTECTED]) CFDEV.COM / NETDesign Inc. ColdFusion Developer Resources http://www.cfdev.com/ -Original Message- From: JustinMacCarthy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 27, 2000 1:18 PM To: CF-Talk Subject: Re: Encrypting a credit card field... There is a cfx_blowfish somewhere , good security less cpu overhead than PGP or you chould role your own For BlowFish www.counterpane.com and directly http://www.ejim.co.uk/module/encrypt/index.cfm Justin MacCarthy - Original Message - From: "Mark W. Breneman" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Wednesday, September 27, 2000 3:46 PM Subject: Encrypting a credit card field... Good day, I am looking for a solution for encrypting a credit card field with CF 4.5 and SQL 7. I know about CFX_PGP. It sounds like just what I need but I would like to know if there are other solutions. Does any one know of any other encryption custom tag or of a stored proc for SQL 7 that will encrypt a field with a fair amount of security? Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: Encrypting a credit card field...
Simple solution - DON'T display the credit card number at any time unless the page is secured with strong SSL encryption and even then avoid it if possible. Use client or session variables to store the CC number - don't use hidden form fields or URL parameters even if you use encryption on the values. You cannot be too careful with credit card numbers. -- Rob Keniger big bang solutions mailto:[EMAIL PROTECTED] http://www.bigbang.net.au -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Encrypting a credit card field...
Good day, I am looking for a solution for encrypting a credit card field with CF 4.5 and SQL 7. I know about CFX_PGP. It sounds like just what I need but I would like to know if there are other solutions. Does any one know of any other encryption custom tag or of a stored proc for SQL 7 that will encrypt a field with a fair amount of security? Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Encrypting a credit card field...
You can use the standard encrypt and decrypt in Cold Fusion. cfset thisValue = "#cc_info#" cfset mykey = "fubar" cfset Encrypted_info = encrypt(thisValue,mykey) Then decrypt it as needed: cfset origvalue = decrypt(thisvalue,"fubar") -Original Message- From: Mark W. Breneman [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 27, 2000 10:46 AM To: CF-Talk Subject: Encrypting a credit card field... Good day, I am looking for a solution for encrypting a credit card field with CF 4.5 and SQL 7. I know about CFX_PGP. It sounds like just what I need but I would like to know if there are other solutions. Does any one know of any other encryption custom tag or of a stored proc for SQL 7 that will encrypt a field with a fair amount of security? Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: Encrypting a credit card field...
There is a cfx_blowfish somewhere , good security less cpu overhead than PGP or you chould role your own For BlowFish www.counterpane.com and directly http://www.ejim.co.uk/module/encrypt/index.cfm Justin MacCarthy - Original Message - From: "Mark W. Breneman" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Wednesday, September 27, 2000 3:46 PM Subject: Encrypting a credit card field... Good day, I am looking for a solution for encrypting a credit card field with CF 4.5 and SQL 7. I know about CFX_PGP. It sounds like just what I need but I would like to know if there are other solutions. Does any one know of any other encryption custom tag or of a stored proc for SQL 7 that will encrypt a field with a fair amount of security? Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Encrypting a credit card field...
--_-1242031387==_ma
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
On 9/27/00, Randy Adkins penned:
You can use the standard encrypt and decrypt in Cold Fusion.
cfset thisValue = "#cc_info#"
cfset mykey = "fubar"
cfset Encrypted_info = encrypt(thisValue,mykey)
Then decrypt it as needed:
cfset origvalue = decrypt(thisvalue,"fubar")
The last line should read:
cfset origvalue = decrypt(encrypted_info,"fubar")
But that's not why I'm writing. I just encrypted 54240015 and
the encrypted value is:
0"@/=__S6[H3/0^G':I(R%D
How secure is that? Just curious. The same number encrypted with cfx_pgp is:
-BEGIN PGP MESSAGE-
Version: CFX_PGP 1.07 - http://www.digitaloutlook.com/cfx_store
qANQR1DBwk4DAuVQ2B6kACEQC/0QgM6QiBObHMkCVDd98gKFv0NCiVt4Y3Qi+uEa
qUk7KdIJi1kVZZVjoCcI5gqOqJN6BrjticQThhypd6qRIO4fO5Q1q9OICxpO9BS9
ImN6voP+ailogDPrn48zEA3rzX/WDt6/Dg0exg9ychHriBKsADlWzqGYh6NcLmJK
bMWWoN0urVxK9juP0jPSy37eWjEgKZFzC+GtfbT9ADwGErlG88wdZvn244LjTe47
1uKrxxdM098d8KQBSgsZsHpcKeK9B8K/TxF+PzqMbwKHLKfe6PPEpvcsm4NRiXTq
TO6MI6Mks3/VJvIla6ayhCsVTe5XnU3LPdMb4t0EEYcdrRkMERC3v0gdak+Tsdlp
p9cPhq9uscdQfr+pkIN/Tx9QO1vPPLUbGTvC1oDsfr5/EKWFT6xKu6QUXvDAXzyY
aukhw8E/n/dVmRa4tvu5XePz704lMHSRkp/10TQGHsGSCePS/pTSvSbesJkEEtUq
dlvkoUh3MuPHMczS7dEOAJuNSWIL/idbFNj78u3faCdIciJIlKdtsvkKuzibcl5j
gv17lgj04ybtP9s5lfbqtI9+GiWI1kY2pKDp9ArFCGGTHILYZBFYDWp66DETaM5h
NjVLYxxkitQhQafNEeJarPt97xvhPAow8Rw3df9BDKnOCxahMLDShqFyv85vRryq
zFi7tDW39mdoecTDhfboyebRcaPO7V25Acgupxz3llVIQHrQrJ3rmi7Fa4OoUEBA
jEJ1O6YMvC2A4JzP9r9hcw7cag6Awmqvg/v58maIjzlBSv+C2j3CagCFh0W/TJ8G
4lM1hMhert5is2s15BqenbMIPJM3jpZOFl3lJC4TGt0iEsyZjsz9D8SF10ikVufW
qi16NFp+FaVzswxW9wlS0B5dQG6dyCtPT/v/1lqFBoG19CXE/GpcCniPM4sW9t7O
lH75tqYG117IJpxq4nGu++0SeOIXVUhsHZaYWouHaFXn/KixeAahVnnmtyeIo25T
LgQT3AncSHczj78Y5R4BcL53pXGIR8kfNGEegZNZPJsHdvvCyuvYWAFR9UchH29n
tat4hDNE/A==
=pGDq
-END PGP MESSAGE-
--
Bud Schneehagen - Tropical Web Creations
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
ColdFusion Solutions / eCommerce Development
[EMAIL PROTECTED]
http://www.twcreations.com/
954.721.3452
--_-1242031387==_ma
Content-Type: text/html; charset="us-ascii"
!doctype html public "-//W3C//DTD W3 HTML//EN"
htmlheadstyle type="text/css"!--
blockquote, dl, ul, ol, li { margin-top: 0 ; margin-bottom: 0 }
--/styletitleRE: Encrypting a credit card
field.../title/headbody
divOn 9/27/00, Randy Adkins penned:/div
blockquote type="cite" citeYou can use the standard encrypt and
decrypt in Cold Fusion.br
br
lt;cfset thisValue = quot;#cc_info#quot;gt;br
lt;cfset mykey = quot;fubarquot;gt;br
lt;cfset Encrypted_info = encrypt(thisValue,mykey)gt;br
br
br
Then decrypt it as needed:br
/blockquote
blockquote type="cite" citelt;cfset origvalue =
decrypt(thisvalue,quot;fubarquot;)gt;/blockquote
divbr/div
divThe last line should read:/div
divlt;cfset origvalue =
decrypt(encrypted_info,quot;fubarquot;)gt;/div
divbr/div
divBut that's not why I'm writing. I just encrypted
54240015 and the encrypted value is:/div
div0quot;@/=__S6[H3/0^G':Ilt;(R%D/div
divbr/div
divHow secure is that? Just curious. The same number encrypted with
cfx_pgp is:/div
divbr/div
divfont size="-2"-BEGIN PGP MESSAGE-/font/div
divfont size="-2"Version: CFX_PGP 1.07 -
http://www.digitaloutlook.com/cfx_storebr
br
qANQR1DBwk4DAuVQ2B6kACEQC/0QgM6QiBObHMkCVspan
/spanDd98gKFv0NCiVt4Y3Qi+uEabr
qUk7KdIJi1kVZZVjoCcI5gqOqJN6BrjticQThhypdspan
/span6qRIO4fO5Q1q9OICxpO9BS9br
ImN6voP+ailogDPrn48zEA3rzX/WDt6/Dg0exg9ycspan
/spanhHriBKsADlWzqGYh6NcLmJKbr
bMWWoN0urVxK9juP0jPSy37eWjEgKZFzC+GtfbT9Aspan
/spanDwGErlG88wdZvn244LjTe47br
1uKrxxdM098d8KQBSgsZsHpcKeK9B8K/TxF+PzqMbspan
/spanwKHLKfe6PPEpvcsm4NRiXTqbr
TO6MI6Mks3/VJvIla6ayhCsVTe5XnU3LPdMb4t0EEspan
/spanYcdrRkMERC3v0gdak+Tsdlpbr
p9cPhq9uscdQfr+pkIN/Tx9QO1vPPLUbGTvC1oDsfspan
/spanr5/EKWFT6xKu6QUXvDAXzyYbr
aukhw8E/n/dVmRa4tvu5XePz704lMHSRkp/10TQGHspan
/spansGSCePS/pTSvSbesJkEEtUqbr
dlvkoUh3MuPHMczS7dEOAJuNSWIL/idbFNj78u3faspan
/spanCdIciJIlKdtsvkKuzibcl5jbr
gv17lgj04ybtP9s5lfbqtI9+GiWI1kY2pKDp9ArFCspan
/spanGGTHILYZBFYDWp66DETaM5hbr
NjVLYxxkitQhQafNEeJarPt97xvhPAow8Rw3df9BDspan
/spanKnOCxahMLDShqFyv85vRryqbr
zFi7tDW39mdoecTDhfboyebRcaPO7V25Acgupxz3lspan
/spanlVIQHrQrJ3rmi7Fa4OoUEBAbr
jEJ1O6YMvC2A4JzP9r9hcw7cag6Awmqvg/v58maIjspan
/spanzlBSv+C2j3CagCFh0W/TJ8Gbr
4lM1hMhert5is2s15BqenbMIPJM3jpZOFl3lJC4TGspan
/spant0iEsyZjsz9D8SF10ikVufWbr
qi16NFp+FaVzswxW9wlS0B5dQG6dyCtPT/v/1lqFBspan
/spanoG19CXE/GpcCniPM4sW9t7Obr
lH75tqYG117IJpxq4nGu++0SeOIXVUhsHZaYWouHaspan
/spanFXn/KixeAahVnnmtyeIo25Tbr
LgQT3AncSHczj78Y5R4BcL53pXGIR8kfNGEegZNZPspan
/spanJsHdvvCyuvYWAFR9UchH29nbr
tat4hDNE/A==br
=pGDq/font/div
divfont size="-2"-END PGP MESSAGE-/font/div
div-- br
br
Bud Schneehagen - Tropical Web Creationsbr
br
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/br
ColdFusion S
RE: Encrypting a credit card field...
This is a multi-part message in MIME format. --=_NextPart_000_018C_01C028A3.ABF0D000 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Encrypting a credit card field... You can use cfx_hash, for a one way hash, though that may not be the most useful thing for credit card processing. DC -Original Message- From: Mark W. Breneman [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 27, 2000 14:46 To: CF-Talk Subject: Encrypting a credit card field... Good day, I am looking for a solution for encrypting a credit card field with CF 4.5 and SQL 7. I know about CFX_PGP. It sounds like just what I need but I would like to know if there are other solutions. Does any one know of any other encryption custom tag or of a stored proc for SQL 7 that will encrypt a field with a fair amount of security? Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. --=_NextPart_000_018C_01C028A3.ABF0D000 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" HTMLHEADTITLEEncrypting a credit card field.../TITLE META content=3D"text/html; charset=3Diso-8859-1" = http-equiv=3DContent-Type META content=3D"MSHTML 5.00.3018.900" name=3DGENERATOR/HEAD BODY DIVnbsp;/DIV DIVnbsp;/DIV DIVFONT color=3D#ff face=3DArial size=3D2SPAN = class=3D484265416-27092000You=20 can use cfx_hash, for a one way hash, though that may not be the most = useful=20 thing for credit card processing./SPAN/FONT/DIV DIVFONT color=3D#ff face=3DArial size=3D2SPAN=20 class=3D484265416-27092000/SPAN/FONTnbsp;/DIV DIVFONT color=3D#ff face=3DArial size=3D2SPAN=20 class=3D484265416-27092000DC/SPAN/FONT/DIV DIVFONT color=3D#ff face=3DArial size=3D2SPAN=20 class=3D484265416-27092000/SPAN/FONTnbsp;/DIV BLOCKQUOTE style=3D"MARGIN-RIGHT: 0px" DIV align=3Dleft class=3DOutlookMessageHeader dir=3DltrFONT = face=3DTahoma=20 size=3D2-Original Message-BRBFrom:/B Mark W. Breneman=20 [mailto:[EMAIL PROTECTED]]BRBSent:/B Wednesday, September 27, = 2000=20 14:46BRBTo:/B CF-TalkBRBSubject:/B Encrypting a credit = card=20 field... BRBR/DIV/FONT PFONT size=3D2Good day,/FONT /P PFONT size=3D2I am looking for a solution for encrypting a credit = card field=20 with CF 4.5/FONT BRFONT size=3D2and SQL 7./FONT /P PFONT size=3D2I know about CFX_PGP.nbsp; It sounds like just what = I need=20 but I would like to/FONT BRFONT size=3D2know if there are other=20 solutions.nbsp; Does any one know ofnbsp; any other/FONT BRFONT = size=3D2encryption custom tag or of a stored proc for SQL 7 that will = encrypt=20 a/FONT BRFONT size=3D2field with a fair amount of = security?/FONT /P PFONT size=3D2Mark W. Breneman/FONT BRFONT size=3D2-Cold = Fusion=20 Developer/FONT BRFONT size=3D2-Network Administrator/FONT = BRFONT=20 size=3D2nbsp; Vivid Media/FONT BRFONT size=3D2nbsp;=20 [EMAIL PROTECTED]/FONT BRFONT size=3D2nbsp; = www.vividmedia.com/FONT=20 BRFONT size=3D2nbsp; 608.270.9770/FONT /PBRBRBR PFONT=20 = size=3D2= --/FONT=20 BRFONT size=3D2Archives: A=20 href=3D"http://www.mail-archive.com/cf-talk@houseoffusion.com/"=20 = target=3D_blankhttp://www.mail-archive.com/cf-talk@houseoffusion.com//A= /FONT=20 BRFONT size=3D2To Unsubscribe visit A=20 = href=3D"http://www.houseoffusion.com/index.cfm?sidebar=3Dlistsamp;body=3D= lists/cf_talk"=20 = target=3D_blankhttp://www.houseoffusion.com/index.cfm?sidebar=3Dlistsam= p;body=3Dlists/cf_talk/A=20 or send a message to [EMAIL PROTECTED] with = 'unsubscribe' in=20 the body./FONT/P/BLOCKQUOTE/BODY/HTML --=_NextPart_000_018C_01C028A3.ABF0D000-- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: Encrypting a credit card field...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 cfx_encrypt is freeware and uses blowfish: http://www.ejim.co.uk/module/encrypt/index.cfm c -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 for message encryption and authentication: USE PGP! Comment: KeyID: 0x51046CFD iQA/AwUBOdKAAdaLYehRBGz9EQJQ8gCgsjdw0CGnKBki+YqEss3VPqQczk8AnRNU aLZHsO3nJL8LAnON4i/bjBvh =hxQK -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
