> however what do you do with the live database? You can't effectively encrypt the database itself. You could encrypt and decrypt field values from within CF, but that doesn't guarantee the security of your data, as the encryption key would be stored within your CF app.
> i don't know much about this area and would appreciate any guidance on what i > need to be > looking at, searching for, and thinking about. The most important question is, what threats are you trying to protect against? Are you concerned with internal threats? Rogue database administrators? Someone getting access to offsite backup media? Those are the typical threat profiles that would provide justification for database encryption. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314173 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
