From: | "Peter Childs" <peterachilds(at)gmail(dot)com> |
---|---|
To: | |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Creditcard Number Security was Re: Encrypted column |
Date: | 2007-06-05 18:29:02 |
Message-ID: | a2de01dd0706051129l46839c4av90328a932d5efe5c@mail.gmail.com |
Lists: | pgsql-general |
On 05/06/07, Andrew Sullivan <ajs(at)crankycanuck(dot)ca> wrote:
>
> On Tue, Jun 05, 2007 at 09:28:00AM -0500, Ron Johnson wrote:
> >
> > If he is a CC customer, the system (which I am DBA of) bills his
> > card directly, saving the customer much time and effort.
>
> So surely what you have is a completely separate system that has
> exactly one interface to it, that is signaled to provide a
> transaction number and that only ever returns such a transaction
> number to the "online" system, and that is very tightly secured,
> right?
>
> It is possible to make trade-offs in an intelligent manner, for sure,
> but you sure as heck don't want that kind of data stored online with
> simple reversible encryption.
>
> A
Unfortunately you still need to store them somewhere, and all systems can
be hacked. Yes, it's a good idea to store them on a separate system and this
is an important part of designing your systems to ensure that the simple
user interface is somehow limited.
Peter.
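
Added example, not part of the original message or thread: one way to give the separate billing system "exactly one interface" when that system is itself a PostgreSQL database. The schema, role, table and function names are hypothetical, and card encryption and the call to the payment processor are assumed to happen inside the vault and are not shown.

```sql
-- Run as a superuser on the SEPARATE billing database, never on the online one.
CREATE ROLE vault_owner NOLOGIN;   -- owns the card data, cannot log in
CREATE ROLE online_app LOGIN;      -- the only identity the online system uses
CREATE SCHEMA vault AUTHORIZATION vault_owner;
SET ROLE vault_owner;

CREATE TABLE vault.cards (
    customer_id    bigint PRIMARY KEY,
    pan_ciphertext bytea  NOT NULL  -- encrypted under the vault's own key management (not shown)
);

CREATE TABLE vault.charges (
    txn_number   bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    customer_id  bigint NOT NULL REFERENCES vault.cards,
    amount_cents bigint NOT NULL CHECK (amount_cents > 0),
    created_at   timestamptz NOT NULL DEFAULT now()
);

-- The single interface: takes a customer and an amount, returns only a
-- transaction number. SECURITY DEFINER makes it run with vault_owner's
-- rights; the pinned search_path stops a caller from shadowing its tables.
CREATE FUNCTION vault.bill_customer(p_customer bigint, p_amount_cents bigint)
RETURNS bigint
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = vault, pg_temp
AS $$
DECLARE
    v_txn bigint;
BEGIN
    IF NOT EXISTS (SELECT 1 FROM cards WHERE customer_id = p_customer) THEN
        RAISE EXCEPTION 'no card on file for customer %', p_customer;
    END IF;
    -- The processor call would go here; the card number never leaves the vault.
    INSERT INTO charges (customer_id, amount_cents)
    VALUES (p_customer, p_amount_cents)
    RETURNING txn_number INTO v_txn;
    RETURN v_txn;
END;
$$;

-- Functions are executable by PUBLIC by default, so revoke that first.
REVOKE ALL ON FUNCTION vault.bill_customer(bigint, bigint) FROM PUBLIC;
GRANT USAGE ON SCHEMA vault TO online_app;
GRANT EXECUTE ON FUNCTION vault.bill_customer(bigint, bigint) TO online_app;
RESET ROLE;

-- online_app holds no table privileges: SELECT on vault.cards fails with
-- "permission denied", while SELECT vault.bill_customer(42, 1999) returns a number.
```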