Re: Encrypted column - Mailing list pgsql-general

From Ron Johnson
Subject Re: Encrypted column
Date
Msg-id 466572F0.3070900@cox.net
In response to Re: Encrypted column  (Alvaro Herrera <alvherre@commandprompt.com>)
List pgsql-general
On 06/05/07 08:59, Alvaro Herrera wrote:
> Ron Johnson wrote:
>> On 06/04/07 17:54, Guy Rouillier wrote:
>
>>> Many people consider two-way encryption to be insecure; two-way
>>> encryption means you can decrypt a value if you know the key, and it is
>>> insecure because you usually have to put the key into the source code.
>>> That means at least one person in your company, the programmer
>>> maintaining the source code, can learn all of your users' passwords.
>> Two-way encryption is needed for companies that store customer
>> credit cards.
>
> I thought that the advice for companies storing customer CCs was: don't.

Sometimes you "must".

An example from my industry: transponder "toll tags" and toll roads.
  The customer pre-pays a certain amount based on expected usage,
and every time he drives thru a plaza, his balance decreases.  Once
it drops to a certain threshold, more money needs to be added to the
account.

If he is a CASH/CHEK customer, a light at the lane flashes yellow
and (depending on the Agency) a message pops up saying, "Balance
low", so he drives over to the customer service center, stands in
line and pays his cash.

If he is a CC customer, the system (which I am DBA of) bills his
card directly, saving the customer much time and effort.

--
Ron Johnson, Jr.
Jefferson LA  USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!

