I have spoken to my CF hosting provider. Given my client is a national company, they, my client, have their own SQL server and network infrastructure.
One suggestion was that I replicate my application's SQL server structure on my client's own SQL server, which will only contain data relating to my client's customer base, and then have my CF host create a CF DSN that points to my client's SQL server. My CF application is hosted by Intermedia (USA) whilst my client's SQL server is located in QLD.

I see this as being a solution to my client's concerns regarding the security of the data stored on the SQL server. Given the above idea, their data will in fact be located on their own server, they then being responsible for the security they have around their own servers. The CF code remains on my hosting account with Intermedia, so the client still has no access to my source code, yet they have full access to the data relating to their clients, which they own in any case given the data is residing on their own server.

Naturally I will reference their DSN with their logins, whilst all other clients using my application will be dynamically assigned the normal DSN which points to the SQL server at Intermedia where the CF hosting is located.

Are there any major concerns that anyone sees by implementing the above?

Regards

Claude Raiola
B.Econ (Acc), B.Hot.Mngt.

Websites:
www.AustralianAccommodation.com
www.SAMARIS.NET
www.WebSiteSolutions.com.au
Mobile: 0414 228 948

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Mark Mandel
Sent: Thursday, 26 February 2009 6:34 AM
To: [email protected]
Subject: [cfaussie] Re: Cold Fusion Encryption of Bank Details etc

I wouldn't store those sort of details on shared hosting... no way, it's too risky. Even with encryption, you're relying on the shared host to maintain your security, and if someone gets hold of your DB, it's your head on the chopping block, not yours. If they are running cf8, it's a little better, but I would highly advise setting up a VPS if you're going to go down this route.
A good VPS isn't that much more expensive than a decent shared host, and you have full control over your data and security, without the feel of a different shared host trying to take a peek at your data.

Mark

On Thu, Feb 26, 2009 at 1:36 AM, SAMARIS Software <[email protected]> wrote:
>
> Hi,
>
> My customers are wanting the bank account details and contract details of
> their customers which are being stored on my sql database to be encrypted in
> order to protect the privacy of the client information. My software
> application stores contact and bank account details of property owners whose
> properties are being managed by my client, hence the need for my client to
> have bank account details and contact details recorded within my cold fusion
> application that has an sql dbase back end. My software application is used
> at the end of each month to calculate and issue income statements and
> generate aba files to eft payment of income to the property owners.
>
> My application is being hosted with a large cf hosting company in America,
> the application is running on a shared CF hosting service.
>
> Can anyone provide me with some assistance in relation to advice on the best
> approach to protecting the data, i.e. encryption of the data stored on the sql
> database.
>
> Regards
>
> Claude Raiola
> B.Econ (Acc), B.Hot.Mngt.
>
> Websites:
> www.AustralianAccommodation.com
> www.SAMARIS.NET
> www.WebSiteSolutions.com.au
> Mobile: 0414 228 948
>

--
E: [email protected]
W: www.compoundtheory.com
