On Thu, Feb 18, 2010 at 9:58 PM, Eric Nicholas Sweeney
<[email protected]> wrote:

> Someone mentions CC's or SSN's and everyone freaks out and tells you to call
> their lawyer. Well - ok - that's all fine and dandy - point taken - let's
> move on - that kind of talk doesn't really address the honest question of  -
> - How could you Actually do it responsibly?

I gave you an answer to this that was quite detailed. And it is still
a stupid idea.


> And Maureen - calling my clients idiots is unfair. Only I get to call them
> that.

No, actually, all of us are calling your clients idiots because it is
obviously true. This isn't a grey area. There are a handful of things
that have been pretty well sorted out in web development and that are
simple yes/no questions at this point.

How should I store passwords in plain text: you don't.
How should I store credit card numbers: you don't unless you are going
to run your own CC Gateway company the size of Authorize.net
How should I store information covered by HIPAA in plain text: just
shoot yourself now and save yourself the pain

Simply put, no one is going to spend the time to help you try and get
around PCI Compliance, HIPAA or Sarbanes-Oxley. It is just a dumb, dumb
idea and I'm sorry I even took the time I did to explain how you
might go about doing it.

Juda
