Roll your own encryption.  I remember a while back someone posted their
algorithm for encryption in CF, and it seemed pretty solid.  If you use your
own encryption scheme, it would be a lot harder for a hacker to decrypt the
CC number.  Using a public standard (like cfencrypt) is not a very good
solution.

I almost went down the path of cryptology - it's a lot of fun, but I didn't
want to work in a vault the rest of my life.

-Bill
www.brainbox.tv

----- Original Message -----
From: "Jeff Fongemie" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, January 27, 2002 10:17 AM
Subject: Best way to store credit cards in database?


> Sunday, January 27, 2002, 10:12:15 AM
> Hello CF-Talk,
>
>   I've got a simple site, and it uses a small Access database. We will be
>   taking credit cards.
>
>   Wondering what others consider a realistic practice to ensure
>   security to a reasonable level. What do others do?
>
>   The site will have SSL, but I'm thinking along the lines of
>   encrypting the card number. However, I know how insecure ColdFusion's
>   encryption is, so why bother?
>
>   If people do somehow encrypt the card number, would you be willing
>   to give examples? And I guess I'll need a way to unencrypt the
>   numbers in an admin area.
>
>   I've seen where a site will store half of the number, and the second
>   half gets sent by email to the shop owners. Then the shop owners
>   need to go in and match up the numbers.
>
>   Thanks for any advice, recommendations on this.
>
>
> Best regards,
>  Jeff Fongemie                          mailto:[EMAIL PROTECTED]
> 