On 9/25/06, Ray Champagne <[EMAIL PROTECTED]> wrote: > I was > more worried about where and how to store the generated key to decrypt the > data "on the other side".
That right there is the weak link in the chain no matter what you do. Someone can hack the box and get that key, and at that point they own you. Because of that Iike to use public/private key encryption along the lines of the RSA method, where you only store the encryption algorithm on the box and the user pastes in the decryption key themselves via a form, and stores it off-box. If your customer is serious about encryption and limitation of liability thats the way to go. http://developer.perthweb.com.au/textcrypt.html Beyond that, when using low-level stuff I stick the key in an application var that is fed by Application.cfm -- [EMAIL PROTECTED] Janitor, MSB Web Systems mysecretbase.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254159 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
