> In fact, yes i know we are both thinking 'if someone > is good enough to hack into the backend database > then they will be good enough to decrypt the data if > they really wanted' > > so the cf app would definitely be sufficient enough
The problem with encrypting data from within your application is that the same application will often also decrypt the data, so if your application itself has a vulnerability - which is by far the most likely security problem you'd have - this won't actually protect your data. It would, however, perhaps protect your data from untrustworthy database administrators, but that's probably not the threat profile you're facing. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321467 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
