> From: Wjhonson > en.wikipedia.org/wiki/AES_implementations > Looks like "no" to me. > Maybe someone could write one ?
Yeah, and maybe "someone" could give the source away for free too, eh? Things like this shouldn't be built into a database. The database should call to well-maintained underlying utilities written by people who specialize in such things. That can be done with GCI or other mechanisms. If you do link with a dedicated solution, I know some people have expressed concern that simply by transferring credit card data into another tool the data is exposed. For example, the most naïve approach would be something like this: CMD = \aes.encrypt \ : INFO : \ > result.file\ EXECUTE \sh -C \ : cmd CAPTURING OUT ; * ignore syntax READ ENCRYPTED FROM F.TMP,\result.file\ ... The problem there is that a hacker could put code into the system to log process activity. For example, the above commands would be openly visible to a "ps auwx | grep encrypt". Some people like the idea of writing stuff to disk, processing it there, and then importing the results. But a simple file activity monitor could grab that data in the time it takes to process and delete it. Now someone could respond that if you have a hacker who can do that on your system that the gig is already up. Sure, but that's the nature of hacking, and blind confidence in security is exactly what leads to announcements in the nightly news, fines, and law suits. One disgruntled employee or consultant could easily accomplish that - attacks like this don't always come from outside. Just the concept of storage of credit cards brings up all kinds of warnings. There are laws and protocols for such things requiring a Lot of research and internal compliance - this game is not for amateurs. The bottom line is usually simply not to do that, which leads to authorize.net and similar solutions proposed in this thread. Don't accept cards in your own web pages for local storage, and don't allow customer service people to enter CC data in your green screen app. Use resources provided by professionals. Integrate. Everything doesn't need to be DIY. Shout out to Gary Heiman - wow dude, it's been more than 25 years... T _______________________________________________ U2-Users mailing list U2-Users@listserver.u2ug.org http://listserver.u2ug.org/mailman/listinfo/u2-users
