This is somewhat related to the whole PCI/credit card discussion a
couple weeks back. The consensus was basically leave it to other
people - however, what if YOU are the other person?
I wonder if anyone has some BKMs to share about encrypting data in a
web application. A lot of people take the
On 23 June 2010 09:11, Michael Shadle mike...@gmail.com wrote:
This is somewhat related to the whole PCI/credit card discussion a
couple weeks back. The consensus was basically leave it to other
people - however, what if YOU are the other person?
I wonder if anyone has some BKMs to share
On Wed, Jun 23, 2010 at 12:21 AM, Peter Lind peter.e.l...@gmail.com wrote:
I haven't had to implement a scheme like this but for an app I'm
working on we've been considering the same issues in order to keep
member data safe. I would say your best bet is to keep the decryption
key in memory
-Original Message-
From: Peter Lind [mailto:peter.e.l...@gmail.com]
Sent: Wednesday, June 23, 2010 12:22 AM
To: Michael Shadle
Cc: PHP-General
Subject: Re: [PHP] How to store encrypted data and how to store the key?
On 23 June 2010 09:11, Michael Shadle mike...@gmail.com wrote:
On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham tommy...@gmail.com wrote:
I haven't had to implement a scheme like this but for an app I'm working on
we've been considering the same issues in order to keep member data safe.
I would say your best bet is to keep the decryption key in memory while
On 23 June 2010 10:09, Michael Shadle mike...@gmail.com wrote:
On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham tommy...@gmail.com wrote:
I haven't had to implement a scheme like this but for an app I'm working on
we've been considering the same issues in order to keep member data safe.
I would
On Wed, Jun 23, 2010 at 6:09 AM, Peter Lind peter.e.l...@gmail.com wrote:
On 23 June 2010 10:09, Michael Shadle mike...@gmail.com wrote:
On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham tommy...@gmail.com wrote:
I haven't had to implement a scheme like this but for an app I'm working on
we've
I talked with a friend who actually had this implemented before and
banks had signed off on it after reviewing it.
load balancer (irrelevant to the security piece)
web server(s) - only accepts traffic to port 80/443. can only forward
requests on to the app server, one direction.
app server(s) -
On 23 June 2010 20:55, Michael Shadle mike...@gmail.com wrote:
I talked with a friend who actually had this implemented before and
banks had signed off on it after reviewing it.
load balancer (irrelevant to the security piece)
web server(s) - only accepts traffic to port 80/443. can only
On Wed, Jun 23, 2010 at 12:43 PM, Peter Lind peter.e.l...@gmail.com wrote:
I'm just wondering if this is a correct understanding:
1. plaintext data arrives on the web frontend.
or over SSL
2. It's sent to the app server
SSL or non-SSL - your choice
3. It's encrypted and sent to the DB
10 matches
Mail list logo