Decrypting an encrypted credit card number
Join Date: Sep 2008
Posts: 339
Reputation:
Solved Threads: 27
OK, let me get this straight. We have a pay invoice on our website; you submit your info and that gets stored in a SQL database. Every day a girl in our office checks a password-protected back end that displays the info from the SQL database. My question is: if I use DES, Blowfish or AES, I have to use GenerateSecretKey, which is random. If I don't know what that key is, how do I decrypt the CC info on the back end? I can't store that key in the database next to the CC number; that would defeat the whole purpose.
That's why I ask why I can't use CFMX_COMPAT. If they get into the database and don't know what the key is, how do they decrypt the number?
Last edited by freshfitz; Dec 18th, 2008 at 10:19 pm.
Join Date: Dec 2008
Posts: 45
Reputation:
Solved Threads: 6
Well, like I said, I am not familiar with storing CCs. So I am really not the one to be giving you advice on how to properly secure them. What I will say is that assumedly, Adobe engineers are familiar with encryption, and if they say it is the least secure of the methods, I personally believe them.
Plus, credit card companies can have their own restrictions about merchants storing credit card information. As I understand it, it is not like you can just decide to store information and it is okay with them. You have to be certified and meet certain requirements, of which encryption is probably only one. Only they can say whether or not your setup meets their requirements.
While I may not be able to answer your questions, I think hhamdan is giving you bad advice. He seems more interested in providing "an answer" than trying to provide the correct answer. My advice would be to seek another area or another forum with more focus and experience with security. But that is just me, and I am not the one who may be held liable. So the choice is yours.
Join Date: Sep 2008
Posts: 339
Reputation:
Solved Threads: 27
Well, I got the strong encryption to work. On further investigation, I can use a stored key for AES, DES, and Blowfish. I guess I'll worry about the " when I come across it. So far I tested about 15 cards and none show the "
Thanks for everyone's input; at least I learned something new!
Last edited by freshfitz; Dec 18th, 2008 at 11:38 pm.
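The stored-key approach described in the post above, as an added example that is not from any poster in this thread: the key is generated once with GenerateSecretKey, kept in a file outside the database, and read back for both Encrypt and Decrypt. The key file path, datasource, table, column and form field names are constructed for illustration.

```cfml
<!--- Added example; key path, datasource, table, column and form field names are constructed. --->

<!--- 1. One-time setup page: run once, then remove it from the server. --->
<cfset keyFile = "/opt/appkeys/cc.key"> <!--- outside the web root and outside the database --->
<cfif NOT FileExists(keyFile)>
    <cffile action="write" file="#keyFile#" output="#GenerateSecretKey('AES')#" addnewline="no">
</cfif>

<!--- 2. Invoice form handler: load the stored key, encrypt, save only the ciphertext. --->
<cffile action="read" file="#keyFile#" variable="ccKey">
<cfset ccKey = Trim(ccKey)>
<!--- CBC mode with no IV argument: ColdFusion generates a random IV and prepends it to the output. --->
<cfset cardEnc = Encrypt(form.cardNumber, ccKey, "AES/CBC/PKCS5Padding", "Base64")>
<cfquery datasource="payments">
    INSERT INTO invoice_payment (invoice_id, card_enc)
    VALUES (
        <cfqueryparam value="#form.invoiceId#" cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#cardEnc#" cfsqltype="cf_sql_varchar">
    )
</cfquery>

<!--- 3. Password-protected back end: same key file, Decrypt reverses the call above. --->
<cfquery name="qPayments" datasource="payments">
    SELECT invoice_id, card_enc FROM invoice_payment
</cfquery>
<cfoutput query="qPayments">
    <cfset card = Decrypt(qPayments.card_enc, ccKey, "AES/CBC/PKCS5Padding", "Base64")>
    Invoice #qPayments.invoice_id#: #card#<br>
</cfoutput>
```

Because the key lives only on the application server's file system, a copy of the database alone yields ciphertext without the means to decrypt it.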
Do the customers know you are storing their credit card numbers? Do the credit card companies know about this? I think that both parties would have a problem with you storing this information without their knowing and without you having the proper security credentials.
Lost time is never found again.
- Benjamin Franklin





