Sounds very secure. Of course, you might add that the database in question
should never be on a web server. The database should only be accessible
from behind a firewall which permits only the web server's IP to access the
database server.

jon
----- Original Message -----
From: "Tony Schreiber" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, May 03, 2001 3:52 PM
Subject: Credit Card DB Encryption Methodology


> Ok, I've been reading the last few threads on this and pondering the best
> way to approach this scenario (storing CC in DB) and I've come up with the
> following idea:
>
> 1) The User's password is stored as a one-way HASH.
> 2) The Credit Card info (list of cc number, exp date and verification
> number) is stored as an ENCRYPTED string with the User's raw password as
> the key.
>
> Interface-wise, this requires that:
>
> a) the user type in their password when Adding or Updating a credit card
> record in the db (so it can be encrypted)
> b) the user type in their password when finalizing an order (so the cc
> info can be decrypted to be processed)
> c) When a user changes their password, all cc records in the database must
> be updated using the old and new passwords
>
> But this way, neither the user's password, the encryption key nor the cc
> info is stored unencrypted anywhere on the server.
>
> Comments?
>
>
> Tony Schreiber, Senior Partner                  Man and Machine, Limited
> mailto:[EMAIL PROTECTED]                   http://www.technocraft.com
>
> http://www.simplemessageboard.com ___Free Forum Software for Cold Fusion
> http://www.is300.net ___________The Enthusiast's Home of the Lexus IS300
> http://www.digitacamera.com ______________DigitA Camera Scripts and Tips
> http://www.linklabexchange.com _____________Miata Link ECU Data Exchange
>
>
>
>
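
The scheme from the quoted post, as an added example that is not part of the original thread, using Node.js's built-in crypto module. The algorithm choices (scrypt for the one-way hash and for turning the password into a key, AES-256-GCM for the card record), the function names and the sample card are assumptions; the post names none of them.

```javascript
const { scryptSync, randomBytes, createCipheriv, createDecipheriv,
        timingSafeEqual } = require('node:crypto');

// Stretch the password into 32 bytes. A fresh salt per use means the stored
// login hash never equals the key that protects the card record.
const stretch = (password, salt) => scryptSync(password, salt, 32);

// Step 1: one-way password hash, stored for login checks.
function hashPassword(password) {
  const salt = randomBytes(16);
  return { salt, hash: stretch(password, salt) };
}

function verifyPassword(password, stored) {
  return timingSafeEqual(stretch(password, stored.salt), stored.hash);
}

// Step 2 / (a): card data encrypted under a key derived from the raw password.
function encryptCard(password, card) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', stretch(password, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(card), 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// (b): decrypt at checkout. A wrong password fails the GCM tag check and throws.
function decryptCard(password, rec) {
  const d = createDecipheriv('aes-256-gcm', stretch(password, rec.salt), rec.iv);
  d.setAuthTag(rec.tag);
  return JSON.parse(Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8'));
}

// (c): a password change re-encrypts every card record and replaces the hash.
function changePassword(user, oldPw, newPw) {
  if (!verifyPassword(oldPw, user.pw)) throw new Error('bad password');
  const cards = user.cards.map((rec) => encryptCard(newPw, decryptCard(oldPw, rec)));
  return { pw: hashPassword(newPw), cards };
}

// Constructed sample data (a test card number, not a real account).
function demo() {
  const card = { number: '4111111111111111', exp: '05/03', cvv: '123' };
  let user = { pw: hashPassword('old-pass'), cards: [encryptCard('old-pass', card)] };
  user = changePassword(user, 'old-pass', 'new-pass');
  let oldStillWorks = true;
  try { decryptCard('old-pass', user.cards[0]); } catch { oldStillWorks = false; }
  return { card: decryptCard('new-pass', user.cards[0]), oldStillWorks };
}
```
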