The last time this thread came up, I came up with I thought was a good way of doing this, but the downside (or not) is that it only allows access to the data by the customer:
The customer's login password is HASHED in the database. The customer's credit card information (number, exp and verification number) is concatenated together (I built a tag to do this and the next step) and encrypted using the customers plain text password as the key. Now, neither the password nor the cc info is stored in a retrievable format within the database. And when the customer needs to make a purchase, they enter their password and the info is decrypted (by the tag) and sent to the cc processor... Tony Schreiber, Senior Partner Man and Machine, Limited mailto:[EMAIL PROTECTED] http://www.technocraft.com http://www.simplemessageboard.com ___Free Forum Software for Cold Fusion http://www.is300.net ___________The Enthusiast's Home of the Lexus IS300 http://www.digitacamera.com ______________DigitA Camera Scripts and Tips http://www.linklabexchange.com _____________Miata Link ECU Data Exchange ______________________________________________________________________ Get Your Own Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation � $99/Month � Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusionb FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
