List:General Discussion« Previous MessageNext Message »
From:H. Scott Brown Date:April 26 2003 12:05am
Subject:Re: Storing credit card numbers in MySql
View as plain text  
What we do is generate a random alpha-numeric string N characters long (the 
longer the better, IMO), and store that in a separate key database on the 
same server.

Then, we use an MD5 hash of that random string as key_string to both 
encrypt and decrypt using AES_*. That way, the actual key_string never 
exists anywhere except in memory, so even if the code gets hacked, it is 
extremely strong security, because you would need to hack the code, and the 
separate database, as well as the database containing the cc info.

All fields used are varchar.

--Scott Brown
Thread
Can I GROUP BY with a UNION?J C25 Apr
  • RE: Can I GROUP BY with a UNION?Pieter Jansen van Vuuren25 Apr
    • Storing credit card numbers in MySqlScott Haneda25 Apr
      • RE: Storing credit card numbers in MySqlGavin Nouwens25 Apr
        • Re: Storing credit card numbers in MySqlScott Haneda25 Apr
          • RE: Storing credit card numbers in MySqlGavin Nouwens25 Apr
          • Re: Storing credit card numbers in MySqlJoseph Stump25 Apr
            • RE: Storing credit card numbers in MySqlGavin Nouwens25 Apr
              • RE: Storing credit card numbers in MySqlJoe Stump25 Apr
            • Re: Storing credit card numbers in MySqlGerald Jensen25 Apr
              • RE: Storing credit card numbers in MySqlJoe Stump25 Apr
      • Re: Storing credit card numbers in MySqlPaul Chvostek25 Apr
        • RE: Storing credit card numbers in MySqlAndrew25 Apr
          • Re: Storing credit card numbers in MySqlPaul Chvostek25 Apr
            • Re: Storing credit card numbers in MySqlScott Haneda25 Apr
              • RE: Storing credit card numbers in MySqlAdam Nelson25 Apr
        • Re: Storing credit card numbers in MySqlB. van Ouwerkerk26 Apr
          • Re: Storing credit card numbers in MySqlScott Haneda26 Apr
      • Re: Storing credit card numbers in MySqlRyan Fox25 Apr
        • Re: Storing credit card numbers in MySqlScott Haneda25 Apr
      • Re: Storing credit card numbers in MySqlFred van Engen25 Apr
      • Re: Storing credit card numbers in MySql(Pete Harlan)26 Apr
        • Re: Storing credit card numbers in MySqlH. Scott Brown26 Apr
RE: Can I GROUP BY with a UNION?J C25 Apr
RE: Can I GROUP BY with a UNION?Ken Gaul25 Apr
Re: Storing credit card numbers in MySqlSteven Roussey26 Apr