Re: Creditcard Number Security was Re: Encrypted column - Mailing list pgsql-general

From Guy Fraser
Subject Re: Creditcard Number Security was Re: Encrypted column
Date
Msg-id 1181244043.2731.153.camel@sigurd.incentre.net
Whole thread Raw
In response to Re: Creditcard Number Security was Re: Encrypted column  (Andrew Sullivan <ajs@crankycanuck.ca>)
Responses Re: Creditcard Number Security was Re: Encrypted column
List pgsql-general
On Tue, 2007-06-05 at 16:51 -0400, Andrew Sullivan wrote:
> On Tue, Jun 05, 2007 at 07:29:02PM +0100, Peter Childs wrote:
> > Unfortunately you still need to store them somewhere,  and all systems can
> > be hacked.
>
> Yes.  I agree, in principle, that "don't store them" is the best
> advice -- this is standard _Translucent Databases_ advice, too.  For
> the least-stealable data is the data you don't have.
>
> But if there is a business case, you have to do the trade off.  And
> security is always a tradeoff (to quote Schneier); just do it well.
> (Someone else's advice about hiring a security expert to audit this
> sort of design is really a good idea.)
>
> A

Have you thought about setting up an account with PayPal, and having
people pay through PayPal?

Let PayPal deal with the security, and credit card info, after all it's
what they do.


pgsql-general by date:

Previous
From: brian
Date:
Subject: Re: querying the age of a row
Next
From: Alvaro Herrera
Date:
Subject: Re: querying the age of a row