Re: Securing fields
- From: "Steve C. Orr [MVP, MCSD]" <Steve@xxxxxxx>
- Date: Thu, 8 Jun 2006 17:39:25 -0700
I would advise not storing credit card numbers in your database at all, that
way it's impossible for any one to hack in and get them. After the credit
card number is processed, throw it away.
If you MUST keep it, definitely encrypt it. SQL Server 2005 has built in
encryption functions you can use.
Otherwise you might choose to use some .NET 1.x encryption techniques, such
as these:
http://www.aspnetpro.com/NewsletterArticle/2003/10/asp200310kd_l/asp200310kd_l.asp
http://www.fawcette.com/vsm/2003_01/magazine/columns/gettingstarted/
--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net
"David Lozzi" <dlozzi@xxxxxxxxxxxxx> wrote in message
news:%23Z0Hz9qiGHA.3780@xxxxxxxxxxxxxxxxxxxxxxx
Howdy,
I'm planning on storing credit card numbers in my SQL database for online
ecommerce. Whats the best scenario to secure the data in SQL? Can I
encrypt the field so if browsing table data it won't appear? Of course i'm
using SSL for capturing the data from the website, sending it SQL. the SQL
database has limited logins and access but I want to protect this
information as best as I can.
Thanks,
--
D a v i d L o z z i
Data & Web Technology Specialist
Delphi Technology Solutions, Inc.
Wilmington, MA
dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com
.
- Follow-Ups:
- Re: Securing fields
- From: prabhupr
- Re: Securing fields
- References:
- Securing fields
- From: David Lozzi
- Securing fields
- Prev by Date: Re: DB or not DB ?
- Next by Date: Re: Word Document with ASP.NET
- Previous by thread: Re: Securing fields
- Next by thread: Re: Securing fields
- Index(es):
Relevant Pages
|
