I might've missed something in this thread, but why not just use an online payment processor like verisign or authorize.net? I think your clients should be able to find something that fits their needs.
Russ > -----Original Message----- > From: Matt Robertson [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 26, 2006 10:39 AM > To: CF-Talk > Subject: Re: credit cards > > On 9/26/06, Richard Cooper <[EMAIL PROTECTED]> wrote: > > Is this a worthwile positive step? > > Honestly... no. If it was, everyone would do it. All you've done is > make the hacker work just a little harder, and its clearly nowhere > near anything regarded as an acceptable practice. > > Let me guess: the client wants the sales info dropped conveniently in > their inbox? Telling them how crazy-stupid this is didn't resonate? > > I think it was pointed out somewhere in this thread that storing cc > numbers at all is a violation of the merchant's card use agreement. > If they are just going to do it anyway, make sure you are covered from > the lawsuits that are likely to spring out of this horrible idea. > > On 9/25/06, Jon Clausen <[EMAIL PROTECTED]> wrote: > > <cfscript> > > key1 = myUniversalKey; > > key2 = customerSpecificKey; > > theKey = hash(key1 & key2); > > algorithm = "AES"; > > cardStored = encrypt(ccNumber,theKey,algorithm); > > doSomething(cardStored); > > </cfscrit> > > I don't understand what this is accomplishing, with respect to > splitting up the keys. If this has to be used to encrypt and decrypt, > then the keys are stored on the server, and you have gained none of > the benefits of asymmetric keys (which are that the decryption key is > not on the server at all and thus can't be swiped and used to decrypt > the data). > > > -- > [EMAIL PROTECTED] > Janitor, MSB Web Systems > mysecretbase.com > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254223 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
