|
-
Jan 24th, 2005, 03:02 PM
#15
Re: store credit cards for customers
If they got the dll file any they knew anything about .net framework it would not take them long (if any time) to get the key and from there the credit card information.
--------------
Then i would suggest using pubic key encryption:
The asp.net application would know only the public key to store the credit card information in the database. this way even if your web application is compromised, all they can do is add/edit information.
But this has a drawback. Orders that are automatcially processed would have to be processed by another application that knows the private key. This application would need access to the sql transaction rescords (this could work via internet or internal network).
You would also now need an application to allow your manual data entery ppl to get the credit card information (this may have security issues).
If you are hosting this application yourself i would take extra caution to make sure that it is impossible(or nearly) for them to backtrack to the applications that know the private key.
Tips:
- Google is your friend! Search before posting!
- Name your thread appropriately... "I Need Help" doesn't cut it!
- Always post your code!!!! We can't read your mind!!! (well, at least most of us!)
- Allways Include the Name and Line of the Exception (if one is occuring!)
- If it is relevant state the version of Visual Studio/.Net Framwork you are using (2002/2003/2005)
If you think I was helpful, rate my post  IRC Contact: Rizon/xous ChakraNET/xous Freenode/xous
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|