Joshua D. Drake wrote:
Guy Rouillier wrote:
Richard P. Welty wrote:
Guy Fraser wrote:
Paypal has a perception issue - they are perceived as being tightly
linked with eBay. That's a problem in the corporate arena. If my
stock broker were to tell me they do all their financial transactions
Alvaro Herrera wrote:
My "bank" is also "not a bank" (they say they are not "FDIC insured"
which I think is the actual problem at hand). Do I have to be worried?
Depends what you use it for. If this is an online bank that you use
only for online transactions and you maintain a balance of sa
Joshua D. Drake wrote:
> Guy Rouillier wrote:
> >Richard P. Welty wrote:
> >>Guy Fraser wrote:
>
> >Paypal has a perception issue - they are perceived as being tightly
> >linked with eBay. That's a problem in the corporate arena. If my stock
> >broker were to tell me they do all their financia
John DeSoi wrote:
On Jun 7, 2007, at 4:03 PM, Richard P. Welty wrote:
at the day job, when we switched from paypal (who we found very
undependable)
to authorize.net, we were very pleased to discover that authorize.net
would take
care of the credit card numbers for us, so we didn't have to try
On Jun 7, 2007, at 4:03 PM, Richard P. Welty wrote:
at the day job, when we switched from paypal (who we found very
undependable)
to authorize.net, we were very pleased to discover that
authorize.net would take
care of the credit card numbers for us, so we didn't have to try to
secure them
Guy Rouillier wrote:
Richard P. Welty wrote:
Guy Fraser wrote:
Paypal has a perception issue - they are perceived as being tightly
linked with eBay. That's a problem in the corporate arena. If my stock
broker were to tell me they do all their financial transactions through
Paypal, I'd pro
Richard P. Welty wrote:
Guy Fraser wrote:
Have you thought about setting up an account with PayPal, and having
people pay through PayPal?
Let PayPal deal with the security, and credit card info, after all it's
what they do.
at the day job, when we switched from paypal (who we found very
und
Guy Fraser wrote:
On Tue, 2007-06-05 at 16:51 -0400, Andrew Sullivan wrote:
Yes. I agree, in principle, that "don't store them" is the best
advice -- this is standard _Translucent Databases_ advice, too. For
the least-stealable data is the data you don't have.
But if there is a business ca
On Tue, 2007-06-05 at 16:51 -0400, Andrew Sullivan wrote:
> On Tue, Jun 05, 2007 at 07:29:02PM +0100, Peter Childs wrote:
> > Unfortunately you still need to store them somewhere, and all systems can
> > be hacked.
>
> Yes. I agree, in principle, that "don't store them" is the best
> advice --
Marko Kreen wrote:
On 6/5/07, Brian Mathis <[EMAIL PROTECTED]> wrote:
pgcrypto also supports md5, so I'm not sure what you're referring to
here.
digest(psw, 'md5') vs. crypt(psw, gen_salt('md5'))
As I already mentioned, *salting* before you hash is a very
important step. I'm not sure if you
On Tue, Jun 05, 2007 at 07:29:02PM +0100, Peter Childs wrote:
> Unfortunately you still need to store them somewhere, and all systems can
> be hacked.
Yes. I agree, in principle, that "don't store them" is the best
advice -- this is standard _Translucent Databases_ advice, too. For
the least-
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Marko Kreen
>Sent: dinsdag 5 juni 2007 21:38
>To: Peter Childs
>Cc: pgsql-general@postgresql.org
>Subject: Re: Creditcard Number Security was Re: [GENERAL]
>Encrypted column
&g
On 6/5/07, Peter Childs <[EMAIL PROTECTED]> wrote:
On 05/06/07, Andrew Sullivan <[EMAIL PROTECTED]> wrote:
> On Tue, Jun 05, 2007 at 09:28:00AM -0500, Ron Johnson wrote:
> >
> > If he is a CC customer, the system (which I am DBA of) bills his
> > card directly, saving the customer much time and e
On 05/06/07, Andrew Sullivan <[EMAIL PROTECTED]> wrote:
On Tue, Jun 05, 2007 at 09:28:00AM -0500, Ron Johnson wrote:
>
> If he is a CC customer, the system (which I am DBA of) bills his
> card directly, saving the customer much time and effort.
So surely what you have is a completely separate s
On 6/5/07, Brian Mathis <[EMAIL PROTECTED]> wrote:
pgcrypto also supports md5, so I'm not sure what you're referring to
here.
digest(psw, 'md5') vs. crypt(psw, gen_salt('md5'))
As I already mentioned, *salting* before you hash is a very
important step. I'm not sure if you saw that in my post
Marko Kreen schrieb:
On 6/5/07, Tino Wildenhain <[EMAIL PROTECTED]> wrote:
Ranieri Mazili schrieb:
> Hello,
>
> I need to store users and passwords on a table and I want to store it
> encrypted, but I don't found documentation about it, how can I create a
> table with columns "user" and "passwor
On Jun 5, 2007, at 7:28 AM, Ron Johnson wrote:
On 06/05/07 08:59, Alvaro Herrera wrote:
Ron Johnson wrote:
On 06/04/07 17:54, Guy Rouillier wrote:
Many people consider two-way encryption to be insecure; two-way
encryption means you can decrypt a value if you know the key,
and it is insecu
On Tue, Jun 05, 2007 at 09:28:00AM -0500, Ron Johnson wrote:
>
> If he is a CC customer, the system (which I am DBA of) bills his
> card directly, saving the customer much time and effort.
So surely what you have is a completely separate system that has
exactly one interface to it, that is signa
On 6/5/07, Marko Kreen <[EMAIL PROTECTED]> wrote:
On 6/5/07, Marko Kreen <[EMAIL PROTECTED]> wrote:
> both md5 and sha1 are actually easier to bruteforce than
> the old DES-based crypt.
If this statement seems weird - the problem is the speed.
MD5 and SHA1 are just faster algorithms than des-cry
On 6/5/07, Marko Kreen <[EMAIL PROTECTED]> wrote:
both md5 and sha1 are actually easier to bruteforce than
the old DES-based crypt.
If this statement seems weird - the problem is the speed.
MD5 and SHA1 are just faster algorithms than des-crypt.
And there's nothing wrong with fast general-purp
On 6/5/07, Brian Mathis <[EMAIL PROTECTED]> wrote:
On 6/5/07, Marko Kreen <[EMAIL PROTECTED]> wrote:
> Both md5 and sha1 are bad for passwords, no salt and easy to
> bruteforce - due to the tiny amount of data in passwords.
>
> Proper ways is to use crypt() function from pgcrypto module.
> Due to
On 06/05/07 08:59, Alvaro Herrera wrote:
Ron Johnson wrote:
On 06/04/07 17:54, Guy Rouillier wrote:
Many people consider two-way encryption to be insecure; two-way
encryption means you can decrypt a value if you know the key, and it is
insecure because you usually have to put the key into th
On 6/5/07, Marko Kreen <[EMAIL PROTECTED]> wrote:
On 6/5/07, Tino Wildenhain <[EMAIL PROTECTED]> wrote:
> Ranieri Mazili schrieb:
> > Hello,
> >
> > I need to store users and passwords on a table and I want to store it
> > encrypted, but I don't found documentation about it, how can I create a
>
On 6/5/07, Tino Wildenhain <[EMAIL PROTECTED]> wrote:
Ranieri Mazili schrieb:
> Hello,
>
> I need to store users and passwords on a table and I want to store it
> encrypted, but I don't found documentation about it, how can I create a
> table with columns "user" and "password" with column "passwo
Ron Johnson wrote:
> On 06/04/07 17:54, Guy Rouillier wrote:
> >Many people consider two-way encryption to be insecure; two-way
> >encryption means you can decrypt a value if you know the key, and it is
> >insecure because you usually have to put the key into the source code.
> >That means at l
On 06/04/07 17:54, Guy Rouillier wrote:
Ranieri Mazili wrote:
Hello,
I need to store users and passwords on a table and I want to store it
encrypted, but I don't found documentation about it, how can I create
a table with columns "user" and "password" with column "password"
encrypted and how
On 6/5/07, Tino Wildenhain <[EMAIL PROTECTED]> wrote:
Ranieri Mazili schrieb:
> Hello,
>
> I need to store users and passwords on a table and I want to store it
> encrypted, but I don't found documentation about it, how can I create a
> table with columns "user" and "password" with column "passwo
Ranieri Mazili schrieb:
Hello,
I need to store users and passwords on a table and I want to store it
encrypted, but I don't found documentation about it, how can I create a
table with columns "user" and "password" with column "password"
encrypted and how can I check if "user" and "password" a
Ranieri Mazili wrote:
Hello,
I need to store users and passwords on a table and I want to store it
encrypted, but I don't found documentation about it, how can I create a
table with columns "user" and "password" with column "password"
encrypted and how can I check if "user" and "password" are
Hello,
I need to store users and passwords on a table and I want to store it
encrypted, but I don't found documentation about it, how can I create a
table with columns "user" and "password" with column "password"
encrypted and how can I check if "user" and "password" are correct using
a sql q
30 matches
Mail list logo