Data encryption
From: Brian Cidern (brian.cidern@noemail.please)
Date: 11/01/02
- Next message: Richard Waymire [MS]: "Re: Security Model Problems"
- Previous message: Brian Cidern: "sql behind firewall"
- In reply to: Shamim: "Data encryption"
- Next in thread: Neil Weicher: "Re: Data encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Brian Cidern" <brian.cidern@noemail.please> Date: Fri, 1 Nov 2002 14:40:53 -0800
Hi Shamim.
I've done this. End users would provide credit card
information via HTTPS. On the server, the data would be
encrypted and stored in a DB. The site owners could then
pull the encrypted data across an HTTP connection and
decrypt the data locally inside their firewall.
But, in order to encrypt the data, I wrote a VB COM+
object, implementing the MS CryptoAPI's. Actually, I wrote
two. One DLL encrypted, the other decrypted. The
encrypting DLL sat on the web server, the decrypting DLL
sat in-house and was called by a local APP. The encrypted
data was plain text, so storing it in a VarChar() field
worked fine (CHAR is definitely no good for this method).
Since this was distributed to the client, it was
imperative to make sure the encryption key was identical
when compiled into both DLL's.
Hope this offers some insight.
Brian
>-----Original Message-----
>HI All,
> SQL 7.0 / 2000
>
>I want to know , what is the best way to store
information like Credit Card
>numbers in database.
>Is there any options to encrypt and store it.
>
>Thanks
>Shamim
>
>
>.
>
- Next message: Richard Waymire [MS]: "Re: Security Model Problems"
- Previous message: Brian Cidern: "sql behind firewall"
- In reply to: Shamim: "Data encryption"
- Next in thread: Neil Weicher: "Re: Data encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
