http://www.braintreepaymentsolutions.com/services/pci-compliance
On Fri, Aug 13, 2010 at 9:52 AM, Dave Burns <[email protected]> wrote: > I have a client I'm helping with their PCI compliance effort. One question I > have is where to store the key that encrypts account numbers, etc. Right now, > it's in one location in their CF code. Is there a better practice? I > understand that storing it in the same database that contains the encrypted > data is a no-no (seems sensible). The cost of an external HSM box just for > key management seems prohibitive. Is there an easier way that others here > have used? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336255 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
