[TriLUG] Storing Credit Card Numbers
Ron Joffe
rjoffe at yahoo.com
Tue Mar 15 13:54:07 EST 2005
On Tuesday 15 March 2005 13:01, Brian Henning wrote:
> Hi Guys,
> It's becoming inevitable that my employer is going to ask me to add
> the ability to store credit card numbers to a point-of-sale application
> I've been developing. I've been steadfastly refusing to do so thus far
> because I don't want the security responsibility for the data... But
> it's become clear that we really do need to be able to retrieve the data
> to do things like process RMA credits and whatnot.
>
> So my question is... What encryption scheme should I be studying? I
> really don't know a lot about encryption.. Here are the requirements I
> have for whatever method you folks suggest.
>
> - Easily integrated into the application as it is. Something that could
> live in a MySQL field or two would be optimal.
> - Reversible, obviously.
> - Reasonably secure against decryption by Bad Guys.
> - Reasonably easy to work with in Java.
>
> The MySQL server doesn't answer requests outside the local net, but I
> have to assume that there's a chance someone could get in and see the
> raw table data..
>
> So. Suggestions?
>
> Thanks!
> ~Brian
I just read this article. It's Oracle-specific, but the ideas should be
applicable.
http://www.oracle.com/technology/oramag/oracle/05-jan/o15security.html
Ron