Holy cow... that's a very scary prospect.  Obviously an SSL connection is the first 
step.  Then...

Encrypt the data.  Don't rely on either CF or MySQL's encryption if you can at all 
possibly avoid it.  My personal favorite encryption method is cfx_textcrypt from 
http://perthweb.developer.com.au but I'm sure others on the list have favorites of 
their own.

And as soon as you can get those cc numbers off the server, do so.  Remember you have 
to ensure the integrity of the transaction throughout, so if you are planning on 
transferring to a local db then *that* connection -- be it a brute force ftp copy 
(possible under mysql but ugly) or a local cf server pulling data off the live box via 
a remote odbc connection -- has to also be ssl-secured. 

-------------------------------------------
 Matt Robertson,     [EMAIL PROTECTED]
 MSB Designs, Inc. http://mysecretbase.com
-------------------------------------------


---------- Original Message ----------------------------------
From: "Issac Rosa" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Tue, 17 Jun 2003 19:02:14 -0400

>My client has a need to store credit cards.  What's the best, cost
>effective, most secure way of doing this?  Is it just better to capture
>the information in the db and then download to a local db, and keep off
>the server?  I'm curious to know what others are doing in this
>situation.  Currently, the application and db (MySQL) are on a shared
>server.
>
> 
>
>Thanks,
>
>Issac
>
>
>