Search Postgresql Archives

Creditcard Number Security was Re: Encrypted column

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 05/06/07, Andrew Sullivan <ajs@xxxxxxxxxxxxxxx> wrote:
On Tue, Jun 05, 2007 at 09:28:00AM -0500, Ron Johnson wrote:
>
> If he is a CC customer, the system (which I am DBA of) bills his
> card directly, saving the customer much time and effort.

So surely what you have is a completely separate system that has
exactly one interface to it, that is signaled to provide a
transaction number and that only ever returns such a transaction
number to the "online" system, and that is very tightly secured,
right?

It is possible to make trade-offs in an intelligent manner, for sure,
but you sure as heck don't want that kind of data stored online with
simple reversible encryption.

A

 

Unfortunately you still need to store them somewhere,  and all systems can be hacked.  Yes its a good idea to store them on a separate system and this is an important part of designing your systems to ensure that the simple user interface is somehow limited.

Peter.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux