Creditcard Number Security was Re: Encrypted column
| От | Peter Childs |
|---|---|
| Тема | Creditcard Number Security was Re: Encrypted column |
| Дата | |
| Msg-id | a2de01dd0706051129l46839c4av90328a932d5efe5c@mail.gmail.com обсуждение исходный текст |
| Ответы |
Re: Creditcard Number Security was Re: Encrypted column
Re: Creditcard Number Security was Re: Encrypted column |
| Список | pgsql-general |
On 05/06/07, Andrew Sullivan <ajs@crankycanuck.ca> wrote:
Unfortunately you still need to store them somewhere, and all systems can be hacked. Yes its a good idea to store them on a separate system and this is an important part of designing your systems to ensure that the simple user interface is somehow limited. On Tue, Jun 05, 2007 at 09:28:00AM -0500, Ron Johnson wrote:
>
> If he is a CC customer, the system (which I am DBA of) bills his
> card directly, saving the customer much time and effort.
So surely what you have is a completely separate system that has
exactly one interface to it, that is signaled to provide a
transaction number and that only ever returns such a transaction
number to the "online" system, and that is very tightly secured,
right?
It is possible to make trade-offs in an intelligent manner, for sure,
but you sure as heck don't want that kind of data stored online with
simple reversible encryption.
A
Peter.
В списке pgsql-general по дате отправления: