they can decrypt it on their end using
> whatever they have.
>
> Then all you have to do is one way hash it, and they can do the comparison
> on their end.
>
> -Original Message-
> From: ColdFusion Developer [mailto:cfdev...@gmail.com]
> Sent: Monday, May 11, 2009
: ColdFusion Developer [mailto:cfdev...@gmail.com]
Sent: Monday, May 11, 2009 7:19 PM
To: cf-talk
Subject: Storing SSN ... I know, I know
What's a best practice for securely storing a social security number? I've
talked myself blue trying to talk my client out of doing this, but the
> What's a best practice for securely storing a social security number? I've
> talked myself blue
> trying to talk my client out of doing this, but the bank he's working with
> for this project
> absolutely, positively cannot process his transactions without the SSNs of
> our users (most
> of t
> What's a best practice for securely storing a social
> security number?
See the PCI-DSS standards for storing credit card numbers and use that as a
starting point. Essentially, encrypt what you have to keep, and mask or
remove what you don't. Don't allow your database server to be directly
ac
Watch out.. While you may be honorable and not do something like this,
there are plenty of people who would for the money. So make sure not
to piss off the clients to much.
On Mon, May 11, 2009 at 7:03 PM, C S wrote:
>
>> At first they were talking about doing a CSV download and upload, to
>> wh
> At first they were talking about doing a CSV download and upload, to
> which I replied hell no.
O.M.G. You may as well display names and SSN's randomly on the home page as an
ad banner. But it sounds like you will need some social security numbers for
testing. I am sure the clients would
Use a command line encryption tool to encrypt via key before the
transfer. PGP has one called command Line made for that very purpose.
http://www.pgp.com/products/commandline/servers/index.html
/scott
On May 11, 2009, at 6:16 PM, ColdFusion Developer wrote:
As for an admin area that lets t
Thanks, Alan. This kind of info is exactly what I was looking for.
I've contacted my lawyer already; thank god I have a good one.
As for an admin area that lets them print the page --
They need to download and transmit the SSNs to their bank somehow. At first
they were talking about doing a CS
Well... First off DONT DO IT!
That having been said I would follow this plan:
1. If you know an attorney or have one you trust, have them write up a
contract that absolves you of any liability in this matter. Make the client
sign it and have it notarized that they are are aware of your c
ey do have a specific requirement, post back here so we can help you
figure out a good method that adheres to their requirements.
William
-Original Message-
From: ColdFusion Developer [mailto:cfdev...@gmail.com]
Sent: Monday, May 11, 2009 5:19 PM
To: cf-talk
Subject: Storing SSN ... I kn
What's a best practice for securely storing a social security number? I've
talked myself blue trying to talk my client out of doing this, but the bank
he's working with for this project absolutely, positively cannot process his
transactions without the SSNs of our users (most of the businesses
11 matches
Mail list logo