MySQL Reference Manual :: 12.8.2 Encryption Functions http://dev.mysql.com/doc/mysql/en/encryption-functions.html
MySQL Reference Manual :: 5.4.1 General Security Guidelines http://dev.mysql.com/doc/mysql/en/security-guidelines.html
If I had my cookbooks with me I could tell you the page numbers, but there is good info in the mysql cookbook. PHP also has some encryption functions so you could do something snazzy like encrypting encrypted fields if you wanted.
Greg
On Mar 15, 2005, at 1:01 PM, Brian Henning wrote:
Hi Guys,
It's becoming inevitable that my employer is going to ask me to add the ability to store credit card numbers to a point-of-sale application I've been developing. I've been steadfastly refusing to do so thus far because I don't want the security responsibility for the data... But it's become clear that we really do need to be able to retrieve the data to do things like process RMA credits and whatnot.
So my question is... What encryption scheme should I be studying? I really don't know a lot about encryption.. Here are the requirements I have for whatever method you folks suggest.
- Easily integrated into the application as it is. Something that could live in a MySQL field or two would be optimal.
- Reversable, obviously.
- Reasonably secure against decryption by Bad Guys.
- Reasonably easy to work with in Java.
The MySQL server doesn't answer requests outside the local net, but I have to assume that there's a chance someone could get in and see the raw table data..
So. Suggestions?
Thanks!
~Brian
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
