Hello All,
I have been set the task of providing the most secure method of recording,
storing and retrieving data from an e-commerce site built using
ColdFusion.
I've decided on the methods but would like some feedback as to whether
I'm going in the right direction, or I'm about to walk off a cliff.
OK, so the customer has added the goods to the shopping cart and would
now like to pay.
The order form has a Secure Certificate and as such the data is
encrypted between the browser and the server. Thawte currently provide
128-bit Supercerts (Strong). Would this be required if we were taking
credit card details? Or would the 56-bit (Medium) encryption be enough?
I would like to store all the details in my database. Is SQL Server 7
secure enough to store this type of information or would PGP encryption
be the way to go? I have looked at the cfx_pgp custom tag and the PGP
E-Business Server; this is a very expensive option, but is it the best or
most practical? To keep us right, a bare minimum would be the ColdFusion
encryption of the information before it is recorded to the database.
At this stage the client would like to retrieve the data using a web
based management facility. Again, a secure certificate would be required,
but is there a need to beef up the general admin login using the
application page to verify if a user is logged in? If so, what would you
suggest?
Any help on this matter would be appreciated.
Regards
David Armstrong.
Web Applications Developer
biznet
MAKE IT HAPPEN
Head Office
133-137 Lisburn Road, Belfast
Northern Ireland BT9 7AG
T +44 (0) 28 9022 3224
F +44 (0) 28 9022 3223
E [EMAIL PROTECTED]
W biznet-solutions.com