[thelist] how secure to store credit cards

.jeff jeff at members.evolt.org
Tue Jan 8 01:47:01 CST 2002


keith,

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: Keith
>
> > What are thoughts on encrypting the card numbers with
> > CF's Encrypt() and accessing them through SSL where
> > the key has to be given ... the key would have to be
> > stored somewhere on the webserver of course ... which
> > bothers me ... ideas?
>
> I'm not familiar with CF's Encrypt().
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

coldfusion's Encrypt() function takes a string and a key.  it uses the key
to encrypt the string -- using what algorithm i'm not sure.  if somebody
could enlighten me, i'd greatly appreciate it since i'm trying to write a
debugging utility that takes a string, a key, and encrypts them for creating
url strings on the fly, all via javascript (raymond?).

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> But there are two kinds of encryption. The crypt
> function encrypts a string in a one-way non-reversible
> hash. That data cannot be unencrypted.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

in coldfusion that'd be the Hash() function.  there's no reversing it.  or,
you can roll your own.  one method is to use the Encrypt() function, create
the key to use for the encryption of the string based on attributes of the
string itself, and then pass all this data to the Encrypt() function.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> Cold Fusion may have a built-in PGP module available to
> Encrypt, the way you describe Encrypt the private key
> would not be stored on the server, just the public key.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

there isn't any pgp capability built-in to coldfusion.  however, you can
purchase a custom tag from a third party that is built to interface with an
installed pgp utility.

https://www.digitaloutlook.com/solutionsstore.cfm

it's a little spendy ($400), but the expense is worth it for the peace of
mind it'll give you.

later,

.jeff

http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/
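
Added example, not part of the original message and not ColdFusion or PGP code: a sketch of the split discussed above, where the web server holds only a public key and the private key stays on a separate machine. It assumes the third-party Python `cryptography` package and uses RSA-OAEP as a stand-in for PGP; the function names and the test card number are constructed for illustration.

```python
# Added example: constructed test data, not code from the original thread.
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# OAEP is randomized, so equal card numbers never produce equal ciphertexts.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def make_keypair(passphrase: bytes):
    """Run once on the back-office machine; only public_pem goes to the web server."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    private_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(passphrase),
    )
    public_pem = key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return private_pem, public_pem


def store_card(pan: str, public_pem: bytes) -> dict:
    """Web-server side: holds only the public key, so it can encrypt but not decrypt."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 13 <= len(digits) <= 19:
        raise ValueError("card number must be 13 to 19 digits")
    public_key = serialization.load_pem_public_key(public_pem)
    # Keep the last four digits in clear for display; everything else is ciphertext.
    return {"last4": digits[-4:],
            "ciphertext": public_key.encrypt(digits.encode("ascii"), OAEP)}


def recover_card(record: dict, private_pem: bytes, passphrase: bytes) -> str:
    """Back-office side: the only place the private key and passphrase exist."""
    private_key = serialization.load_pem_private_key(private_pem, password=passphrase)
    return private_key.decrypt(record["ciphertext"], OAEP).decode("ascii")


if __name__ == "__main__":
    priv, pub = make_keypair(b"constructed-passphrase")
    rec = store_card("4111 1111 1111 1111", pub)  # constructed test number
    print(rec["last4"], len(rec["ciphertext"]),
          recover_card(rec, priv, b"constructed-passphrase"))
```
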





