Store it in the db, you can set permissions on tables (MS SQL I'm thinking) as well. Maybe a different ODBC connection as well. Then again anyone with access to that ODBC connection can retrieve it, but I reckon that is your safest way to go, it will make it the hardest to get to, not impossible.
I reckon you know how to put it into the application scope when its not there? That's another thing anyone having access to the code can retrieve the key as well, so really what are you protecting the key from? If it's just external sources you want to keep the key safe from then just store the encryption key outside the webroot in a text file. -----Original Message----- From: Yorke Hinds [mailto:[EMAIL PROTECTED] Sent: Wednesday, 21 April 2004 12:45 PM To: CFAussie Mailing List Subject: [cfaussie] Credit Card Encryption Some transaction occur on a montly basis and we need to store credit card for future reference. We have encrypted the card numbers on entry to the DB, using a KEY value stored as an application variable in CF. As the KEY needs to be protected and not stored on the server, how can this be loaded into the application scope? Where would we store the KEY, outside of the server and also enabling CF to access it on application startup? Thanks --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004 --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004
