Subject RE: [firebird-support] Field level encryption with UDF?
Author bogdan
Put credit card number in separate table, or use view



Regards

Bogdan



From: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] On Behalf Of Myles Wakeham
Sent: Tuesday, May 05, 2009 5:17 PM
To: firebird-support@yahoogroups.com
Subject: [firebird-support] Field level encryption with UDF?








I have a Firebird 1.5 database that has a table for storing credit card
numbers. In accordance with PCI compliance on credit card handling
regulations, I need to restrict access to this information on a
'business need to know' basis. I can do most of that with user level
security, etc.

However I have a specific need to offer key users the ability to produce
reports using Crystal Reports or other 3rd party reporting tools
directly against the database tables. The data that is needed to be
secured is (unfortunately) a part of a table that needs to be exposed
for the reporting requirements. So I was thinking of storing the data
in an encrypted form, so that it is only visible when run through a
decrypter in my application.

Has anyone used an UDFs to do field level string encryption like this?
I don't need anything incredibly sophisticated, but rather than
attempting to build my own, I was wondering if there are any out there
that others have used that I could adopt for this application?

This is for a database that is running on CentOS Linux.

Thanks in advance for any pointers.

Myles
--
=======================
Myles Wakeham
Director of Engineering
Tech Solutions USA, Inc.
Scottsdale, Arizona USA
http://www.techsolusa.com
Phone +1-480-451-7440



No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.325 / Virus Database: 270.12.18/2096 - Release Date: 05/04/09
17:51:00



[Non-text portions of this message have been removed]