Hi all,
I recently had to do this exact process for a site involving subscriptions.
We developed a CFX tag in-house that validates and encrypts a credit card
number using 512, 1024 or 2048 bit RSA. It also generates private and public
keys, the idea being that the public keys are stored in the database and the
private key is stored offline. When the site administrator wants to batch
process the day's subscriptions, they manually paste the private key into a
form. The private key is only ever stored in memory. Do the whole thing over
SSL and I think it's as secure as it can be on a 3rd party ISP for a client
who doesn't have a ton of money to spend on offline database servers etc
etc.
We were thinking of on-selling this tag but are not sure what the level of
interest would be - so if you're interested let me know what you think and
I'll put it to the boss.
Regards,
Kay.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
