> information and process payments on a recurring basis. This
> presents a number of security concerns. We're using SQL
> Server 2000 and CFMX on Windows 2000. Where is the place to
> encrypt data? In CF at the application level, or at the DBMS
> level? Any ideas on where and how would be greatly
> appreciated! Thanks in advance for your help.

My first suggestion would be to search the list archives, as this is a
common topic.

That said, where you encrypt the data is in many ways less important than
how you manage the keys you use to encrypt and decrypt data. Ideally, you
should avoid storing the credit card data in any way that's accessible from
the web server at all if that's possible, but of course that may not be
possible in your case. For example, you could have a database that can only
be written to from your web server, and only read from another server. This
second server would be used to actually process requests, so it could send
the credit card information to the payment processor.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
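
One way to set up the write-only/read-only split described in the reply above on SQL Server 2000, as an added example that is not part of the original message. The table, procedure and login names and the placeholder passwords are hypothetical, and it assumes the web server's CFMX datasource connects as `web_writer` while the processing server connects as `charge_processor`.

```sql
-- Added example (T-SQL for SQL Server 2000). All object and login names are
-- hypothetical; run inside the database that will hold the pending charges.

CREATE TABLE dbo.PendingCharges (
    ChargeId   INT IDENTITY(1,1) PRIMARY KEY,
    CustomerId INT            NOT NULL,
    CardData   VARBINARY(256) NOT NULL,  -- whatever form you store; any decryption key stays off the web server
    CreatedAt  DATETIME       NOT NULL DEFAULT GETDATE()
)
GO

-- The only entry point the web tier gets: a procedure that inserts and
-- returns nothing. Because the procedure and table share an owner (dbo),
-- ownership chaining lets it insert without any grant on the table itself.
CREATE PROCEDURE dbo.AddPendingCharge
    @CustomerId INT,
    @CardData   VARBINARY(256)
AS
    SET NOCOUNT ON
    INSERT INTO dbo.PendingCharges (CustomerId, CardData)
    VALUES (@CustomerId, @CardData)
GO

-- Login used by the web server: may call the procedure, may not touch the table.
EXEC sp_addlogin 'web_writer', '<placeholder-password-1>'
EXEC sp_grantdbaccess 'web_writer', 'web_writer'
GRANT EXECUTE ON dbo.AddPendingCharge TO web_writer
DENY SELECT, UPDATE, DELETE ON dbo.PendingCharges TO web_writer
GO

-- Login used by the processing server: reads rows and removes them once sent.
EXEC sp_addlogin 'charge_processor', '<placeholder-password-2>'
EXEC sp_grantdbaccess 'charge_processor', 'charge_processor'
GRANT SELECT, DELETE ON dbo.PendingCharges TO charge_processor
GO

-- Check the result: web_writer should show only EXECUTE on the procedure
-- plus the explicit denies on the table.
EXEC sp_helprotect @username = 'web_writer'
GO
```

The split only holds if `web_writer` is not a member of a role such as `db_owner` or `db_datareader`, and if the processing server's credentials are not stored anywhere on the web server.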

