On Wed, Jun 23, 2010 at 12:43 PM, Peter Lind wrote:
> I'm just wondering if this is a correct understanding:
> 1. plaintext data arrives on the web frontend.
or over SSL
> 2. It's sent to the app server
SSL or non-SSL - your choice
> 3. It's encrypted and sent to the DB server
encrypted or n
On 23 June 2010 20:55, Michael Shadle wrote:
> I talked with a friend who actually had this implemented before and
> banks had signed off on it after reviewing it.
>
> load balancer (irrelevant to the security piece)
>
> web server(s) - only accepts traffic to port 80/443. can only forward
> reque
rote:
>> -Original Message-
>> From: Peter Lind [mailto:peter.e.l...@gmail.com]
>> Sent: Wednesday, June 23, 2010 12:22 AM
>> To: Michael Shadle
>> Cc: PHP-General
>> Subject: Re: [PHP] How to store encrypted data and how to store the key?
>>
>>
On Wed, Jun 23, 2010 at 6:09 AM, Peter Lind wrote:
> On 23 June 2010 10:09, Michael Shadle wrote:
>> On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham wrote:
>>
I haven't had to implement a scheme like this but for an app I'm working on
we've been considering the same issues in order to kee
On 23 June 2010 10:09, Michael Shadle wrote:
> On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham wrote:
>
>>> I haven't had to implement a scheme like this but for an app I'm working on
>>> we've been considering the same issues in order to keep member data safe.
>>> I would say your best bet is to ke
On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham wrote:
>> I haven't had to implement a scheme like this but for an app I'm working on
>> we've been considering the same issues in order to keep member data safe.
>> I would say your best bet is to keep the decryption key in memory while the
>
> This i
> -Original Message-
> From: Peter Lind [mailto:peter.e.l...@gmail.com]
> Sent: Wednesday, June 23, 2010 12:22 AM
> To: Michael Shadle
> Cc: PHP-General
> Subject: Re: [PHP] How to store encrypted data and how to store the key?
>
> On 23 June 2010 09:11, Michael Sh
On Wed, Jun 23, 2010 at 12:21 AM, Peter Lind wrote:
> I haven't had to implement a scheme like this but for an app I'm
> working on we've been considering the same issues in order to keep
> member data safe. I would say your best bet is to keep the decryption
> key in memory while the app is runn
On 23 June 2010 09:11, Michael Shadle wrote:
> This is somewhat related to the whole PCI/credit card discussion a
> couple weeks back. The consensus was basically "leave it to other
> people" - however, what if YOU are the other person?
>
> I wonder if anyone has some BKMs to share about encryptin
9 matches
Mail list logo