On 6/5/07, Peter Childs <peterachilds@gmail.com> wrote:
> On 05/06/07, Andrew Sullivan <ajs@crankycanuck.ca> wrote:
> > On Tue, Jun 05, 2007 at 09:28:00AM -0500, Ron Johnson wrote:
> > >
> > > If he is a CC customer, the system (which I am DBA of) bills his
> > > card directly, saving the customer much time and effort.
> >
> > So surely what you have is a completely separate system that has
> > exactly one interface to it, that is signaled to provide a
> > transaction number and that only ever returns such a transaction
> > number to the "online" system, and that is very tightly secured,
> > right?
> >
> > It is possible to make trade-offs in an intelligent manner, for sure,
> > but you sure as heck don't want that kind of data stored online with
> > simple reversible encryption.
>
> Unfortunately you still need to store them somewhere, and all systems can
> be hacked. Yes its a good idea to store them on a separate system and this
> is an important part of designing your systems to ensure that the simple
> user interface is somehow limited.
If you really need the number in cleartext you should use
public-key encryption, either via pgcrypto or in application.
Thus you can have only public-key in public database,
credit-card numbers are encrypted with it, later actual
billing happens in separate, highly secured system that
has corresponding private key available to decrypt the data.
--
marko