Re: InnoDB?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Thank you for the reply. I understand the reasoning behind your
> response. My company and I were thinking about storing the numbers
> permanently but I guess that will not be a good idea. There is a
> firewall being deployed also. However, I do see the point.
> 
> >Can I safely store multiple customer credit card numbers in a table
> that is InnoDB, if I use an Encrypt()
....
> No. The Encrypt function is too weak. AES_Encrypt/AES_Decrypt or 
> DES_Encrypt/DES_Decrypt are stronger. However I would strongly recommend
> that credit card numbers not be permanently stored in the table.


One way to think about storing multiple customer credit card numbers
is to consider them as a liability or perhaps toxic waste.  An
individual like me may be off the hook with my credit card company if
my account number is stolen once.  However your company may not be off
the hook if thousands of account numbers are released to an
international crime group should you be hacked or a trusted employee
turn bad.

Such data also needs 'meta' data associated with it.  Invoice number,
customer ID, Date/Time, paid/pending, timer for return policy and so on.
There are also some accounting standards that must be adhered to.

Any encryption will have a key.  Some design process needs to exist to
re-encrypt the data should you find that the key is at risk or discover
that the algorithm is hackable.  Then there is the issue of
backups....


-- 
	T o m  M i t c h e l l 
	May your cup runneth over with goodness and mercy
	and may your buffers never overflow.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux