, 2003 9:23 PM
To: CF-Talk
Subject: Re: Storing Credit Card Info
Matt,
Did you have a URL for the guy you mentioned below?
-Novak
- Original Message -
From: Matt Robertson [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Sunday, June 22, 2003 1:24 PM
Subject: RE: Storing Credit
Matt,
Did you have a URL for the guy you mentioned below?
-Novak
- Original Message -
From: Matt Robertson [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Sunday, June 22, 2003 1:24 PM
Subject: RE: Storing Credit Card Info
I second Stan's comments. That is an outstanding idea
For my own purposes, I was thinking of having the user click an icon to save a
generated key onto a certain drive. At that point the key and its folder off the root
would be named by CF to something CF would know later, automatically (i.e. use some
formula for a filename, like
-Talk [EMAIL PROTECTED]
Sent: Monday, June 23, 2003 9:37 PM
Subject: Re: Storing Credit Card Info
| For my own purposes, I was thinking of having the user click an icon to save a
generated key onto a certain drive. At that point the key and its folder off
the root would be named by CF to something
For my own purposes, I was thinking of having the user click an icon
to save a generated
key onto a certain drive. At that point the key and its folder off
the root would be
named by CF to something CF would know later, automatically (i.e. use
some formula for a
filename, like
I second Stan's comments. That is an outstanding idea, Kate! I have
*exactly* the client who needs that solution; and realistically,
probably all of them. Sounds like a great convenience upgrade.
Some guy is selling 16mb units with an erase protection switch and
optional password protection
Is there a ìbest practiceî to store/implement the private key for
cfx_textcrypt? I know the private key is one of the major keys to
security of the process, and my best guess must not be stored on the
server. How do you store/implement the private key?
I personally store it on my computer at
How bad would it be to just use a long password as the encryption key?
Require the password be over 10 characters and a mix of upper/lower case
letters and number.
This way they never have to copy and paste it in, they could just remember
it.
Al
I personally store it on my computer at
-Original Message-
From: Al Musella, DPM [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 21, 2003 8:48 AM
To: CF-Talk
Subject: Re: Storing Credit Card Info
How bad would it be to just use a long password as the encryption
key?
Require
I meant for the owner of the website... when he wants to decrypt a credit
card number that is stored on the website, instead of entering the private
key by copying and pasting, just use the password.
Al
At 09:09 AM 6/21/2003 -0700, Matt Robertson wrote:
At that point wouldn't it be easier for
Hi Stan,
You guessed it: I train the client to keep the private key in a text file on their
own desktop or someplace safe locally.
Let me back up a step:
First thing I do is build a cf template that generates public and private keys, and
shows those keys to the client via an ssl connection.
this info though in a DB
for frequent buyers ...
Are there any advantages that make it imperative to deep this info in a
db
Tim
-Original Message-
From: Sicular, Alexander [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 12:39 AM
To: CF-Talk
Subject: RE: Storing Credit Card Info
- Original Message -
From: Matt Robertson [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 7:51 PM
Subject: Re: Storing Credit Card Info
Holy cow... thats a very scary prospect. Obviously an SSL connection is
the first step. Then...
Actually, first step
: Wednesday, June 18, 2003 3:47 AM
To: CF-Talk
Subject: RE: Storing Credit Card Info
I'm about to embark on processing CC transactions for the first time as
well ... Isn't it best to not record the CC information in a database at
all if possible... just transmit the CC info securely
Thx Peter. Looks like a bit of dyslexia crept into my fingers :D
--Matt--
-Original Message-
From: Tilbrook, Peter [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 8:27 PM
To: CF-Talk
Subject: RE: Storing Credit Card Info
If that link doesn't work go to:
http
]
MSB Designs, Inc. http://mysecretbase.com
-Original Message-
From: John Paul Ashenfelter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 7:07 AM
To: CF-Talk
Subject: Re: Storing Credit Card Info
- Original Message -
From
PROTECTED]
Sent: Wednesday, June 18, 2003 12:47 AM
Subject: RE: Storing Credit Card Info
I'm about to embark on processing CC transactions for the first time as
well ... Isn't it best to not record the CC information in a database at
all if possible... just transmit the CC info securely as possible
To: CF-Talk
Subject: Re: Storing Credit Card Info
If I remember correctly, the Visa/MasterCard rules REQUIRE you to keep
record of all transactions for a period of time (2 years?). Many people do
this via a database... some print to hard copy.
-Novak
- Original Message -
From: Tim
Holy cow... thats a very scary prospect. Obviously an SSL connection is the first
step. Then...
Encrypt the data. Don't rely on either CF or mySQL's encryption if you can all
possibly avoid it. My personal favorite encryption method is cfx_textcrypt from
http://perthweb.developer.com.au
) 6213 6731
Mobile: 0439 401 823
Facsimile: +61 (02) 6213 7287
-Original Message-
From: Matt Robertson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 18 June 2003 9:51 AM
To: CF-Talk
Subject: Re: Storing Credit Card Info
Holy cow... thats a very scary prospect. Obviously an SSL connection
Isaac,
I think this book has been recommended here before...
'Translucent Databases' by Peter Wayner.
It deals with all sorts of database/encryption issues.
Gl,
alex
-Original Message-
From: Issac Rosa [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 7:02 PM
To: CF-Talk
Subject:
From: Jeff [mailto:[EMAIL PROTECTED]]
not only do multiple users share the same ip, but a user can have his ip
change during his session. personally, i would not use the ip address as
a
Wow!? What a sloppy implementation. Thanks for the tip.
Lon Lentz
Applications Developer -
lon,
:~~
: From: Lon Lentz [EMAIL PROTECTED]
:
: While it's not 100% (2 people on your site accessing
: the net through the same proxy), you could use their IP
: address (which should remain constant for the session)
: as a way of helping to keep people straight.
?
- Original Message -
From: Byron M [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, April 13, 2000 1:22 PM
Subject: RE: Storing Credit Card info in Session variable
As with anything on the internet, you are never completely safe.
I personally would not do it that way. I would get
-Original Message-
From: Ken M. Mevand [mailto:[EMAIL PROTECTED]]
Subject: Re: Storing Credit Card info in Session variable
[snip]
so is it true that even with SSL, its no guarantee that someone else may
hit
upon the same CFID and CFTOKEN and the web server will not be able
:[EMAIL PROTECTED]]
Sent: Thursday, 13 April 2000 3:22 PM
To: [EMAIL PROTECTED]
Subject: RE: Storing Credit Card info in Session variable
As with anything on the internet, you are never completely safe.
I personally would not do it that way. I would get the CC number and pass
it via a hidden
As with anything on the internet, you are never completely safe.
I personally would not do it that way. I would get the CC number and pass
it via a hidden form field and be on a server with SSL. But I think the
only way someone could access a client's session vars is if they had the
CFID and
27 matches
Mail list logo
