Subject Re: [firebird-support] Field level encryption with UDF?
Author Ann W. Harrison
Myles Wakeham wrote:
> I have a Firebird 1.5 database that has a table for storing credit card
> numbers. In accordance with PCI compliance on credit card handling
> regulations, I need to restrict access to this information on a
> 'business need to know' basis. ...
>
> However I have a specific need to offer key users the ability to produce
> reports using Crystal Reports ...

One approach is to split your current table in two. One table has
the general information and is generally available. The other table
has the primary key of the first part and the credit card information.
The second table is heavily protected. Create a view with the name
of your current table that joins the two underlying tables and is
heavily protected.

That way, even a really cranky report program that won't use views
has a base table to work on, but no access to private data.

Though, on the whole, storing only client-side encrypted card numbers
has a lot of merit, as does storing only the last four digits.


Cheers,

Ann
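
The split-table layout described in the message above, sketched as Firebird SQL. This is an added example, not part of the original post: the table, column, role and user names are hypothetical, and the LEFT JOIN assumes some customers may have no card row.

```sql
-- Constructed schema: every name below is hypothetical.
-- Assumed starting point: one table CUSTOMER holding both general and card columns.

-- Generally available part: what report users are allowed to see.
CREATE TABLE CUSTOMER_GENERAL (
    CUSTOMER_ID INTEGER NOT NULL,
    NAME        VARCHAR(60) NOT NULL,
    CITY        VARCHAR(40),
    CONSTRAINT PK_CUSTOMER_GENERAL PRIMARY KEY (CUSTOMER_ID)
);

-- Heavily protected part: primary key of the first table plus the card data.
CREATE TABLE CUSTOMER_CARD (
    CUSTOMER_ID INTEGER NOT NULL,
    CARD_NUMBER VARCHAR(19) NOT NULL,
    CARD_EXPIRY CHAR(4) NOT NULL,
    CONSTRAINT PK_CUSTOMER_CARD PRIMARY KEY (CUSTOMER_ID),
    CONSTRAINT FK_CUSTOMER_CARD FOREIGN KEY (CUSTOMER_ID)
        REFERENCES CUSTOMER_GENERAL (CUSTOMER_ID)
);

-- The view takes over the old table name, so existing application SQL keeps working.
CREATE VIEW CUSTOMER (CUSTOMER_ID, NAME, CITY, CARD_NUMBER, CARD_EXPIRY) AS
    SELECT g.CUSTOMER_ID, g.NAME, g.CITY, c.CARD_NUMBER, c.CARD_EXPIRY
    FROM CUSTOMER_GENERAL g
    LEFT JOIN CUSTOMER_CARD c ON c.CUSTOMER_ID = g.CUSTOMER_ID;

CREATE ROLE REPORTING;   -- report writers: general data only
CREATE ROLE CARD_ADMIN;  -- business need to know: card data

-- New objects carry no grants except to their owner, so access is opt-in.
GRANT SELECT ON CUSTOMER_GENERAL TO REPORTING;
GRANT SELECT ON CUSTOMER TO CARD_ADMIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON CUSTOMER_CARD TO CARD_ADMIN;

GRANT REPORTING TO REPORT_USER;   -- hypothetical reporting login
GRANT CARD_ADMIN TO BILLING_USER; -- hypothetical billing login

-- Check: REPORTING must not appear against CUSTOMER or CUSTOMER_CARD here.
SELECT RDB$USER, RDB$PRIVILEGE, RDB$RELATION_NAME
FROM RDB$USER_PRIVILEGES
WHERE RDB$RELATION_NAME IN ('CUSTOMER', 'CUSTOMER_CARD', 'CUSTOMER_GENERAL')
ORDER BY RDB$RELATION_NAME, RDB$USER;
```

A role only takes effect when the connection names it, so the reporting tool's connection has to specify REPORTING for its grant to apply.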