Re: Need to share encryption between CF and ASP environments
Personally, I don't think storing CC numbers are a good idea. You can encrypt/decrypt data in between envoirments if they use the same algorithm. Checkout CF documentations to see avaiable algorithms. Also, if it's possible by your functional needs (not on the CC case, probably), one-way encrypts (hashs) are more secure, since you encrypt the data and compare the encrypted data (like on a login system). Fabio Terracini Matthew Friedman wrote: We are trying to marry a CF application and an ASP application that will need to process credit cards. What we wish to do is to encrypt and store the CC number in only one of the environments, but both will need to be able to decrypt the information and process payments. we have a payment system all ready to go, but the question we are struggling with is there a way to share the an encrypted credit card that can be decrypted on both the ASP server and the CF server and processed. Any help would be great. Matthew Friedman ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:216036 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Need to share encryption between CF and ASP environments
Yeah, storing the CC numbers is a scary thing to do. You open yourselves up to a tremendous amount of liability. If you do decide to do it though, you might find or write an executable that will (en)(de)crypt your strings, then you could call it from .NET apps and CF apps as needed. This approach may allow you to be more selective in the algorithm you choose to use... Is your processing done real-time? What is it that necessitates the storing of CC nums in the first place? --Ferg Fabio Terracini wrote: Personally, I don't think storing CC numbers are a good idea. You can encrypt/decrypt data in between envoirments if they use the same algorithm. Checkout CF documentations to see avaiable algorithms. Also, if it's possible by your functional needs (not on the CC case, probably), one-way encrypts (hashs) are more secure, since you encrypt the data and compare the encrypted data (like on a login system). Fabio Terracini ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:216039 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Need to share encryption between CF and ASP environments
CFMX 7 comes with a TON of new features in the encryption/decryption department, via the encrypt() and decrypt() functions: http://livedocs.macromedia.com/coldfusion/7/htmldocs/0457.htm encrypt() and decrypt() now support AES, DES, DESEDE and Blowfish algorithms, in addition to backwards-compatible CF-style encryption. It also supports multiple encoding formats. Hope this helps. Take Care, Seth - Original Message - From: Russ Michaels [EMAIL PROTECTED] To: CF-Talk cf-talk@houseoffusion.com Sent: Monday, August 22, 2005 8:42 PM Subject: RE: Need to share encryption between CF and ASP environments If you use the same encryption algorythum on both then yes. There are plenty of MD5, SHA, whatever encyption components out there, just download and use one of them. COM can be called form CF too.. Russ -Original Message- From: Matthew Friedman [mailto:[EMAIL PROTECTED] Sent: 23 August 2005 02:38 To: CF-Talk Subject: Need to share encryption between CF and ASP environments We are trying to marry a CF application and an ASP application that will need to process credit cards. What we wish to do is to encrypt and store the CC number in only one of the environments, but both will need to be able to decrypt the information and process payments. we have a payment system all ready to go, but the question we are struggling with is there a way to share the an encrypted credit card that can be decrypted on both the ASP server and the CF server and processed. Any help would be great. Matthew Friedman ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:216043 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Need to share encryption between CF and ASP environments
one-way encrypts (hashs) are more secure Not disagreeing, but just so you know, I downloaded a small exe yesterday that cracked an MD5 hash in 3.5 minutes, using my old 2Ghz workstation. -Original Message- From: Fabio Terracini [mailto:[EMAIL PROTECTED] Sent: 23 August 2005 14:45 To: CF-Talk Subject: Re: Need to share encryption between CF and ASP environments Personally, I don't think storing CC numbers are a good idea. You can encrypt/decrypt data in between envoirments if they use the same algorithm. Checkout CF documentations to see avaiable algorithms. Also, if it's possible by your functional needs (not on the CC case, probably), one-way encrypts (hashs) are more secure, since you encrypt the data and compare the encrypted data (like on a login system). Fabio Terracini Matthew Friedman wrote: We are trying to marry a CF application and an ASP application that will need to process credit cards. What we wish to do is to encrypt and store the CC number in only one of the environments, but both will need to be able to decrypt the information and process payments. we have a payment system all ready to go, but the question we are struggling with is there a way to share the an encrypted credit card that can be decrypted on both the ASP server and the CF server and processed. Any help would be great. Matthew Friedman ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:216050 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Need to share encryption between CF and ASP environments
We are trying to marry a CF application and an ASP application that will need to process credit cards. What we wish to do is to encrypt and store the CC number in only one of the environments, but both will need to be able to decrypt the information and process payments. we have a payment system all ready to go, but the question we are struggling with is there a way to share the an encrypted credit card that can be decrypted on both the ASP server and the CF server and processed. Any help would be great. Matthew Friedman ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:216005 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Need to share encryption between CF and ASP environments
If you use the same encryption algorythum on both then yes. There are plenty of MD5, SHA, whatever encyption components out there, just download and use one of them. COM can be called form CF too.. Russ -Original Message- From: Matthew Friedman [mailto:[EMAIL PROTECTED] Sent: 23 August 2005 02:38 To: CF-Talk Subject: Need to share encryption between CF and ASP environments We are trying to marry a CF application and an ASP application that will need to process credit cards. What we wish to do is to encrypt and store the CC number in only one of the environments, but both will need to be able to decrypt the information and process payments. we have a payment system all ready to go, but the question we are struggling with is there a way to share the an encrypted credit card that can be decrypted on both the ASP server and the CF server and processed. Any help would be great. Matthew Friedman ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:216007 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54