[TriLUG] Storing Credit Card Numbers

Greg Brown greg at airlannetworks.com
Tue Mar 15 15:03:05 EST 2005


You can encrypt data inside tables in MySQL.  I have done this before, 
a good while ago, and only to prove that I could do it.  A quick Google 
search produces the following:

MySQL Reference Manual :: 12.8.2 Encryption Functions
http://dev.mysql.com/doc/mysql/en/encryption-functions.html

MySQL Reference Manual :: 5.4.1 General Security Guidelines
http://dev.mysql.com/doc/mysql/en/security-guidelines.html

If I had my cookbooks with me I could tell you the page numbers, but 
there is good info in the MySQL Cookbook.  PHP also has some encryption 
functions so you could do something snazzy like encrypting encrypted 
fields if you wanted.

Greg


On Mar 15, 2005, at 1:01 PM, Brian Henning wrote:

> Hi Guys,
>   It's becoming inevitable that my employer is going to ask me to add 
> the ability to store credit card numbers to a point-of-sale 
> application I've been developing.  I've been steadfastly refusing to 
> do so thus far because I don't want the security responsibility for 
> the data...  But it's become clear that we really do need to be able 
> to retrieve the data to do things like process RMA credits and 
> whatnot.
>
> So my question is...  What encryption scheme should I be studying?  I 
> really don't know a lot about encryption..  Here are the requirements 
> I have for whatever method you folks suggest.
>
> - Easily integrated into the application as it is.  Something that 
> could live in a MySQL field or two would be optimal.
> - Reversible, obviously.
> - Reasonably secure against decryption by Bad Guys.
> - Reasonably easy to work with in Java.
>
> The MySQL server doesn't answer requests outside the local net, but I 
> have to assume that there's a chance someone could get in and see the 
> raw table data..
>
> So.  Suggestions?
>
> Thanks!
> ~Brian
>



