Credit Card Details
- From: "Griff" <griffithsj_520@xxxxxxxxxxx>
- Date: Thu, 20 Dec 2007 12:15:01 -0000
If sensitive information (such as a credit card) has to be saved to a
database then there is a duty of care to protect this information.
If the data is saved in plain text, then there is a concern that a hacker
gaining access to the server will therefore gain access to the credit card
data.
One option is therefore to encrypt it. This means that the data is stored
on the server in an encrypted format. However, at some stage, the software
will legitimately need to decrypt the data in order to use this information.
To achieve this, it has to have access to the key to decrypt the
information. If the software has access to this decryption key then surely
so will any hacker. It would be equivalent to buying a secure safe and
hanging the keys next to it.
There must be a more secure implementation - could someone describe it>
Many thanks
Griff
.
- Follow-Ups:
- Re: Credit Card Details
- From: Anne & Lynn Wheeler
- Re: Credit Card Details
- From: Roger Abell [MVP]
- Re: Credit Card Details
- From: jwgoerlich
- Re: Credit Card Details
- Prev by Date: How to detect antivirus software on a system
- Next by Date: Re: Credit Card Details
- Previous by thread: How to detect antivirus software on a system
- Next by thread: Re: Credit Card Details
- Index(es):
Relevant Pages
|
