[thelist] Sensitive information on the web

Mohan Arun 437341 at gmail.com
Fri Nov 5 01:05:59 CDT 2010


>>>OTOH, while keeping it online in a DB is also a potential exposure,
>
> Instead of actually storing the SSN in plain-text in the database, store an
> MD5 hash.

?! What would be the point of that, if the end user needs to have that
actual data to e.g. fill out a tax form?

I stand corrected - if you have to store things like SSN, date of
birth etc., store them encrypted and decrypt when necessary.

Place your encrypt/decrypt routines outside of the database so if
someone gets access to your database, they don't get access to the
decryption functions.

Use format-preserving encryption (FPE) so an SSN looks like an SSN,
leaving no clue to a possible hacker that it is not a valid SSN.

http://www.tazlake.com/technology/do-not-store-ssn-in-databases/

The idea is that once you start storing SSNs in a database you own,
you also open yourself up to legal responsibility to take due
diligence practices to protect SSNs from known casual hacking methods.
This can be more expensive than 'write on form and mail in'.

On further thought, t+5 minutes = The best option is NOT to transmit
SSNs in the first place - do you really have to ask customers to write
their SSNs and date of birth every time they mail in? This info does
not change from mail-in to mail-in, so it might make sense to get this
info one-time and store it in an internal database that is DMZ'ed and
not accessible from the internet? And then the mail-in only contains
the financial details that do change but are not of much use to the
casual person?



~~~~
Mohan Arun L.
twitter: @437341
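
The two suggestions in the message above (keep the encrypt/decrypt routines outside the database, and use format-preserving encryption so the stored value still looks like an SSN) can be seen together in the following added example, which is not part of the original post. It uses a Feistel construction with HMAC-SHA256 as the round function to show the idea; it is not NIST FF1, and the key, table name and sample SSN are constructed for the demonstration.

```python
import hashlib
import hmac
import re
import sqlite3

ROUNDS = 10  # Feistel rounds; illustrative construction, NOT NIST FF1


def _prf(key: bytes, rnd: int, half: str, mod: int) -> int:
    """Keyed round function: HMAC-SHA256 of (round, half), reduced mod `mod`."""
    mac = hmac.new(key, f"{rnd}:{half}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % mod


def fpe_encrypt(key: bytes, ssn: str) -> str:
    """Map a 9-digit string to another 9-digit string under `key`."""
    if not re.fullmatch(r"\d{9}", ssn):
        raise ValueError("expected exactly 9 digits")
    a, b = ssn[:4], ssn[4:]  # unbalanced 4/5 split of the 9 digits
    for rnd in range(ROUNDS):
        mod = 10 ** len(a)
        c = (int(a) + _prf(key, rnd, b, mod)) % mod
        a, b = b, f"{c:0{len(a)}d}"  # swap halves, keep leading zeros
    return a + b


def fpe_decrypt(key: bytes, token: str) -> str:
    """Invert fpe_encrypt by running the rounds backwards."""
    if not re.fullmatch(r"\d{9}", token):
        raise ValueError("expected exactly 9 digits")
    a, b = token[:4], token[4:]
    for rnd in reversed(range(ROUNDS)):
        mod = 10 ** len(b)
        c = (int(b) - _prf(key, rnd, a, mod)) % mod
        a, b = f"{c:0{len(b)}d}", a
    return a + b


def store_and_fetch(key: bytes, ssn: str) -> tuple[str, str]:
    """The database only ever sees the token; the key stays in the application."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, ssn TEXT)")
    db.execute("INSERT INTO customer (ssn) VALUES (?)", (fpe_encrypt(key, ssn),))
    (stored,) = db.execute("SELECT ssn FROM customer").fetchone()
    return stored, fpe_decrypt(key, stored)


if __name__ == "__main__":
    APP_KEY = b"constructed-demo-key"  # constructed; a real key is loaded outside the DB
    print(store_and_fetch(APP_KEY, "900123456"))  # constructed sample value
```

The mapping is deterministic, so the same SSN always yields the same stored token under a given key. A production system would use a vetted FPE implementation and load the key from a store the database host cannot read.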

