Sensitive data in database tables

    Le centriste
    wrote on last edited by
    #1

    Hi,

    How do you protect sensitive data (like CC numbers)? Also, when an application needs a DSN (C++ app), is there a way to hide this DSN so that the application can still have it, without being hardcoded, or without human intervention?

    Michel

    It is a lovely language, but it takes a very long time to say anything in it, because we do not say anything in it, unless it is worth taking a very long time to say, and to listen to.
    - TreeBeard

      alex barylski
      wrote on last edited by
      #2

      Over the last few days I have read many tuts and a few books on database... a lot of what I read wasn't what I wanted to know... database security, for instance... anyway... after much reading I have come to the conclusion that the general consensus for CC security is "Don't have CC #'s in your database PERIOD". Although I figure public/private key encryption would do the trick, considering that's what SSL uses. The books and tuts really stressed your clients' lack of interest in having you store their password on a server... Prolly a bad idea.

      Cheers!

      "An expert is someone who has made all the mistakes in his or her field" - Niels Bohr

        Matt Gullett
        wrote on last edited by
        #3

        In most situations it is not recommended to store CCs in a database. The reason for this is security and privacy. Unless you inform your users you are storing their CCs in a database, you should probably avoid this.

        If all you need is transmission security, SSL is the only real option. Note: there are a few JavaScript/client-side encryption mechanisms out there too, but they would not be considered the norm by users.

        If you do need to store this type of sensitive data, I recommend using STRONG encryption on it when you store it in the database. The Windows Crypto API can do this for you, as well as numerous other libraries available from various vendors. Also, many of the web-site certification companies require that if you do store CCs you must have a policy in place for purging the data within a specified amount of time (90 days seems like what I remember).

        If you really want to hide your DSN, put it in the registry and encrypt it also.

          Carlos Antollini
          wrote on last edited by
          #4

          Yes, you need to use a connection without a DSN, for example:

          strConnection = _T("Driver={SQL Server};Server=MyServerName;Trusted_Connection=no;Database=MyDatabaseName;Uid=MyUserName;Pwd=MyPassword;");

          Best Regards Carlos Antollini. www.wanakostudios.com Sonork ID 100.10529 cantollini

            Le centriste
            wrote on last edited by
            #5

            Tx a lot for the answers.

            If I shouldn't keep CC # in the database, where do you suggest I put them? Remember that the application needs them for later use (when settling the transaction, for instance).

            Michel

            It is a lovely language, but it takes a very long time to say anything in it, because we do not say anything in it, unless it is worth taking a very long time to say, and to listen to.
            - TreeBeard

              Matt Gullett
              wrote on last edited by
              #6

              If you must keep the CC's for an extended period of time (longer than the user stays on your site), then a database is probably the only good way to do this. The key (IMHO) is to secure the database and the numbers to the maximum level possible AND to have a good procedure in place for removing those numbers from the database in a timely manner. You must also keep all the other identifying information as well (name, address, etc.).

              Basically, like I said before, the key thing is encryption. The other thing you can do in addition to encryption is to further scramble the numbers by keeping various parts of the #'s encrypted in different ways and stored in different columns in a table. If you are using Oracle or SQL Server, you can further increase security by using column level security and setting it up so that only a call to a stored procedure with a good (highly random) keycode can retrieve the CC values.

              Before I would recommend to a customer to store CCs in a database accessed via web-based systems, I would want to ensure that the database itself was properly secured and that the web sites exposing the database were properly secured.

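A sketch of the SQL Server arrangement described in post #6, combined with the timed purge mentioned in posts #3 and #6. This is an added example, not code from any poster: all object names are hypothetical, and a role's EXECUTE permission stands in for the "keycode" argument suggested in the post.

```sql
-- Added example (T-SQL, SQL Server); every object name here is hypothetical.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-strong-password>';
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects CardKey';
CREATE SYMMETRIC KEY CardKey WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;
GO
CREATE TABLE dbo.PendingPayment (
    PaymentId     INT IDENTITY PRIMARY KEY,
    CustomerName  NVARCHAR(100)  NOT NULL,
    CardNumberEnc VARBINARY(256) NOT NULL,  -- ciphertext only, never plaintext
    CreatedAt     DATETIME2      NOT NULL DEFAULT SYSUTCDATETIME()
);
CREATE ROLE SettlementApp;
-- Column-level security: the application role cannot read the column directly.
DENY SELECT ON dbo.PendingPayment (CardNumberEnc) TO SettlementApp;
GO
CREATE PROCEDURE dbo.StoreCard
    @CustomerName NVARCHAR(100), @CardNumber VARCHAR(19)
WITH EXECUTE AS OWNER
AS
BEGIN
    OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
    INSERT INTO dbo.PendingPayment (CustomerName, CardNumberEnc)
    VALUES (@CustomerName, ENCRYPTBYKEY(KEY_GUID('CardKey'), @CardNumber));
    CLOSE SYMMETRIC KEY CardKey;
END;
GO
-- The only path back to the plaintext number.
CREATE PROCEDURE dbo.GetCardForSettlement @PaymentId INT
WITH EXECUTE AS OWNER
AS
BEGIN
    OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
    SELECT CONVERT(VARCHAR(19), DECRYPTBYKEY(CardNumberEnc)) AS CardNumber
    FROM dbo.PendingPayment WHERE PaymentId = @PaymentId;
    CLOSE SYMMETRIC KEY CardKey;
END;
GO
GRANT EXECUTE ON dbo.StoreCard TO SettlementApp;
GRANT EXECUTE ON dbo.GetCardForSettlement TO SettlementApp;
GO
-- Scheduled purge; the 90-day default is the figure recalled in post #3.
CREATE PROCEDURE dbo.PurgeOldCards @RetentionDays INT = 90
AS
BEGIN
    DELETE FROM dbo.PendingPayment
    WHERE CreatedAt < DATEADD(DAY, -@RetentionDays, SYSUTCDATETIME());
END;
```

The application login is made a member of `SettlementApp` and given no other rights on the table, so a leaked connection string alone yields ciphertext at most through ad hoc queries.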

                AndyG
                wrote on last edited by
                #7

                You might be interested in this book. Andy Gaskell, MCSD MCDBA
