On 1/17/01, Matt Wisdom penned:
>We need to store credit cards in a certain situation. I realize that this is
>recommended against.
>
>That being said, I have searched through the archives, and I haven't found
>any solutions that are great. The best I found was to use a solid ( or
>"pretty good" ;-) encryption for the credit card numbers in the database,
>and then force the hacker to figure out how CF is unencrypting the numbers.
>The other suggestions were ways to further obfuscate this process, but none
>were "100%" solutions.
I built a program to store credit card number then create and submit
a batch file to authorize.net. The numbers are stored after being
encrypted using PGP. You must enter you private Pass Phrase into a
form to decrypt them (short of hard coding it into the
application.cfm or whatnot). Obviously, keeping the Pass Phrase only
in one's mind is the most secure solution. You will need PGP by
Network Associates and the CFX_PGP custom tag both installed on the
server.
http://www.digitaloutlook.com/solutionsstore.cfm
Go here to run a quick example of how it works.
http://www.twcreations.com/pgp/
--
Bud Schneehagen - Tropical Web Creations
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
ColdFusion Solutions / eCommerce Development
[EMAIL PROTECTED]
http://www.twcreations.com/
954.721.3452
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
