Heh - OK.  That's really what I was wondering.  It sounded to me like
putting all the latest alarms and anti-theft devices on your car, then
leaving the window down while you shop.  I guess I wasn't all that far
off....

> -----Original Message-----
> From: Matt Robertson [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 25, 2006 5:12 PM
> To: CF-Talk
> Subject: Re: best practices for encryption
> Importance: High
> 
> On 9/25/06, Ray Champagne <[EMAIL PROTECTED]> wrote:
> > I was
> > more worried about where and how to store the generated key to decrypt
> > the data "on the other side".
> 
> That right there is the weak link in the chain no matter what you do.
> Someone can hack the box and get that key, and at that point they own
> you.  Because of that I like to use public/private key encryption along
> the lines of the RSA method, where you only store the encryption
> algorithm on the box and the user pastes in the decryption key
> themselves via a form, and stores it off-box.  If your customer is
> serious about encryption and limitation of liability that's the way to
> go.
> 
> http://developer.perthweb.com.au/textcrypt.html
> 
> Beyond that, when using low-level stuff I stick the key in an
> application var that is fed by Application.cfm
> 
> --
> [EMAIL PROTECTED]
> Janitor, MSB Web Systems
> mysecretbase.com
> 
> 
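
The off-box private key arrangement described in the quoted message, sketched as an added example (not code from the thread or from the linked textcrypt page). It uses Node.js's built-in crypto module rather than ColdFusion; the function names and record layout are assumptions, and RSA-OAEP wrapping a per-record AES-256-GCM key is a common hybrid construction chosen here, not necessarily what the linked page does.

```javascript
// Added example: the server stores only the public key; the private key is
// generated and kept off-box and is supplied by the user only to decrypt.
const crypto = require('crypto');

// Done once, off the server (for example on the customer's own machine).
function generateOffBoxKeyPair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Runs on the server and needs only the public key, so a compromised box
// yields ciphertext and a wrapped key but nothing that can unwrap it.
function encryptForStorage(publicKeyPem, plaintext) {
  const dataKey = crypto.randomBytes(32);   // fresh AES key per record
  const iv = crypto.randomBytes(12);        // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, dataKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Runs only when the user pastes in the private key (e.g. via a form).
// The key is used in memory for this call and never written to disk.
function decryptWithSuppliedKey(privateKeyPem, record) {
  const dataKey = crypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, record.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, record.iv);
  decipher.setAuthTag(record.tag);          // GCM rejects tampered ciphertext
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
}
```

The pasted key still passes through server memory during decryption, so the form has to be served over TLS and the key must not be logged or cached in application or session scope.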

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254160