Subject Re: [firebird-support] Field level encryption with UDF?
Author Bogusław Brandys
Daniel Rail wrote:
>
> Hi,
>
> At Tuesday, May 05, 2009, 12:16 PM, Myles Wakeham wrote:
>
> > I have a Firebird 1.5 database that has a table for storing credit card
> > numbers. In accordance with PCI compliance on credit card handling
> > regulations, I need to restrict access to this information on a
> > 'business need to know' basis. I can do most of that with user level
> > security, etc.
>
> Why do you need to store the whole credit card numbers?
>
> We only store the last 4 digits in our application (no expiry date and
> no CVV2 are stored). And we don't have to encrypt the data, because
> it would be more of a guessing game to find the remaining 12 digits to
> reconstruct the card's number.
>
> --
> Best regards,
> Daniel Rail
> Senior Software Developer
> ACCRA Solutions Inc. (www.accra.ca)
> ACCRA Med Software Inc. (www.filopto.com)
>

You can also just store a hash of the credit card number and a few digits, like
the first, third and last for example. Then compute the hash in the application
and compare it to the stored hash and digits. Just an idea, depending on what you
want to do with the credit card numbers; if you only need to validate them,
it may be OK.

Boguslaw
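
The hash-and-compare idea from this reply, sketched as an added example that is not part of the original post. It swaps the plain hash for HMAC-SHA256 keyed with a secret held by the application (an assumption of this example); the function names, the key handling and the test card number are constructed.

```python
import hashlib
import hmac
import secrets


def normalize(pan: str) -> str:
    """Strip spaces and dashes; reject anything that is not 13-19 digits."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible card number length")
    return digits


def hint_of(digits: str) -> str:
    """First, third and last digit, as suggested in the reply."""
    return digits[0] + digits[2] + digits[-1]


def make_record(pan: str, key: bytes) -> dict:
    """Build what goes into the table: a keyed tag plus the digit hint.

    A bare hash of a 16-digit number with three digits stored next to it
    leaves a candidate space small enough to enumerate, so the tag is an
    HMAC whose key stays in the application and never enters the database.
    """
    digits = normalize(pan)
    tag = hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()
    return {"tag": tag, "hint": hint_of(digits)}


def matches(pan: str, record: dict, key: bytes) -> bool:
    """Recompute tag and hint for a presented number and compare both."""
    try:
        digits = normalize(pan)
    except ValueError:
        return False
    tag = hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many leading characters matched.
    tag_ok = hmac.compare_digest(tag, record["tag"])
    hint_ok = hmac.compare_digest(hint_of(digits), record["hint"])
    return tag_ok and hint_ok


if __name__ == "__main__":
    key = secrets.token_bytes(32)                   # constructed demo key
    rec = make_record("4111 1111 1111 1111", key)   # well-known test number
    print(rec["hint"], matches("4111-1111-1111-1111", rec, key))
```
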