RE: AES Encryption Limits

2011-02-11 Thread Mark A. Kruger

My one caution is that encryption is processor intensive. I wouldn't encrypt
until you actually have a cart (like I wouldn't arbitrarily encrypt every
session to start with).

-mark


Mark A. Kruger, MCSE, CFG
(402) 408-3733 ext 105
Skype: markakruger
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com



-Original Message-
From: Jake Churchill [mailto:reyna...@gmail.com] 
Sent: Friday, February 11, 2011 10:32 AM
To: cf-talk
Subject: AES Encryption Limits


Hello All.

I am working on a database driven session environment that is used on a
shopping cart.  The cart is not currently PCI compliant so I am working on
encrypting certain items.

The session is stored in the DB as a WDDX packet in an ntext field.  Rather
than parsing the structure and encrypting just certain pieces of data, I was
playing with the idea of encrypting the entire WDDX packet.  This works fine
in my tests, but I am worried about any possible limits I might reach.
Theoretically, the WDDX string could be enormous as there is nothing
limiting the size of carts in this system.

Does anyone know if I'll potentially hit some kind of limit using this
method of encryption?  This will determine the path I take.  If there is no
limit, I'll just make my life easy and encrypt the entire thing.  If there
is a limit, I'll write some code to parse out the structure and only encrypt
certain members.

Thanks in advance.

-Jake




Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342141
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm


Re: AES Encryption Limits

2011-02-11 Thread Jake Churchill

In this system (and you know which one I'm talking about) the values aren't
actually committed to the DB until there is something in the cart and that's
where I would do the encrypt/decrypt.  As close to the DB as possible to
avoid deeper system changes.  However, the only thing I really NEED to
encrypt is the payment details like name, CC number and cc expiration date.
Those aren't entered until later so I'd potentially be encrypting/decrypting
data more than is needed.

I'm using AES-128 bit because it is both the fastest and most secure
according to the documentation I've come across so far.  Now that I'm
thinking about your response, maybe it would be better to write something
that would parse out those few values that must be encrypted and decrypt in
a similar fashion to avoid processor/memory spikes during the encryption
process.  I could still do that as close to the DB as possible and the code
wouldn't be terribly difficult.

I think I have my answer.  Thanks!

-Jake

On Fri, Feb 11, 2011 at 10:40 AM, Mark A. Kruger mkru...@cfwebtools.com wrote:

> My one caution is that encryption is processor intensive. I wouldn't encrypt
> until you actually have a cart (like I wouldn't arbitrarily encrypt every
> session to start with).
>
> -mark
>
> Mark A. Kruger, MCSE, CFG
> (402) 408-3733 ext 105
> Skype: markakruger
> www.cfwebtools.com
> www.coldfusionmuse.com
> www.necfug.com
>
> -Original Message-
> From: Jake Churchill [mailto:reyna...@gmail.com]
> Sent: Friday, February 11, 2011 10:32 AM
> To: cf-talk
> Subject: AES Encryption Limits
>
> Hello All.
>
> I am working on a database driven session environment that is used on a
> shopping cart.  The cart is not currently PCI compliant so I am working on
> encrypting certain items.
>
> The session is stored in the DB as a WDDX packet in an ntext field.  Rather
> than parsing the structure and encrypting just certain pieces of data, I was
> playing with the idea of encrypting the entire WDDX packet.  This works fine
> in my tests, but I am worried about any possible limits I might reach.
> Theoretically, the WDDX string could be enormous as there is nothing
> limiting the size of carts in this system.
>
> Does anyone know if I'll potentially hit some kind of limit using this
> method of encryption?  This will determine the path I take.  If there is no
> limit, I'll just make my life easy and encrypt the entire thing.  If there
> is a limit, I'll write some code to parse out the structure and only encrypt
> certain members.
>
> Thanks in advance.
>
> -Jake

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342142
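
The approach the thread ends on (encrypting only the payment members of the session structure, as close to the DB as possible, before the WDDX packet is written) could look like the following. This is an added example, not code from either poster; the field names, the `enc1:` marker and the key handling are assumptions.

```cfml
<cfscript>
// Added example. Field names, the "enc1:" marker and key handling are assumptions.
SENSITIVE_FIELDS = ["cardholderName", "ccNumber", "ccExpiration"];
ENC_PREFIX = "enc1:";            // marks a value as already encrypted
ALGO = "AES/CBC/PKCS5Padding";   // plain "AES" would select ECB mode in ColdFusion

// Generated here only so the example runs; a real key is loaded from
// protected configuration and never stored alongside the session rows.
aesKey = generateSecretKey("AES", 128);

// Encrypt only the listed members; everything else in the cart stays as is.
function protectSession(required struct sess, required string key) {
    var out = duplicate(arguments.sess);
    var i = 0;
    var f = "";
    for (i = 1; i <= arrayLen(SENSITIVE_FIELDS); i++) {
        f = SENSITIVE_FIELDS[i];
        // Skip members not entered yet and values that already carry the marker.
        if (structKeyExists(out, f) && len(out[f]) && left(out[f], len(ENC_PREFIX)) != ENC_PREFIX) {
            out[f] = ENC_PREFIX & encrypt(out[f], arguments.key, ALGO, "Base64");
        }
    }
    return out;
}

// Reverse step, run right after the WDDX packet is read back and deserialized.
function revealSession(required struct sess, required string key) {
    var out = duplicate(arguments.sess);
    var i = 0;
    var f = "";
    for (i = 1; i <= arrayLen(SENSITIVE_FIELDS); i++) {
        f = SENSITIVE_FIELDS[i];
        // Only values carrying the marker are decrypted, so rows saved earlier still load.
        if (structKeyExists(out, f) && left(out[f], len(ENC_PREFIX)) == ENC_PREFIX) {
            out[f] = decrypt(mid(out[f], len(ENC_PREFIX) + 1, len(out[f])), arguments.key, ALGO, "Base64");
        }
    }
    return out;
}

// Constructed sample session (4111... is a well-known test card number).
sess = {cartItems = "3", cardholderName = "Test Buyer", ccNumber = "4111111111111111", ccExpiration = "12/2012"};
stored = protectSession(sess, aesKey);     // serialize this struct to WDDX and save it
restored = revealSession(stored, aesKey);  // after reading the packet back from the DB
writeOutput("stored ccNumber: " & stored.ccNumber & "<br>");
writeOutput("round trip ok: " & (restored.ccNumber == sess.ccNumber) & "<br>");
writeOutput("cartItems untouched: " & (stored.cartItems == sess.cartItems));
</cfscript>
```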