Results 1 to 6 of 6
  1. #1
    Join Date
    Oct 2003
    Posts
    16

    Unanswered: web Apps and encryption..

    Hi All,
    Im using Cold Fusion and SQL 2K for a shopping cart that I built and I would like to be able to encrypt some data thats stored in the database, does anyone have experience with doing this, or some good help links?

    Thanks =)

  2. #2
    Join Date
    Feb 2002
    Posts
    2,232
    You probably want to use https ... Check with your hosting service and see if they support it - the certificates are pretty cheap these days.

  3. #3
    Join Date
    Oct 2003
    Posts
    16
    Im actually using https right now but I need to store text in the database in some sort of non plain text encryped format, I dunno if Cold Fusion can do it or if it needs to be done by third party software, or if the database itself can do it... I just need a simple way to encrypt data thats stored in my tables to make it just a little more secure..

  4. #4
    Join Date
    Feb 2002
    Posts
    2,232
    Check out the following links:
    link1
    link2

    You can also create your own extended stored procedures using the cryto api from ms.

  5. #5
    Join Date
    Oct 2003
    Posts
    706

    Exclamation

    It is extremely difficult to encrypt data in a database without losing it forever. It's also difficult to provide real security that way! After all, if I can get my hands on the application that's doing the encrypting and decrypting, the data is mine. (Or worse, I can simply "scramble the eggs again," making it unrecoverable garbage as an act of sabotage, and it might be a long time before you'd even know!)

    It's best to store the database in a secure location, to armor the pathways to the server via SSL, and to secure all the web pages that access it, by means of SSL. Then build into the database the means of backing-up the data to other tables, of making archival records of past versions of records, and so on.
    ChimneySweep(R): fast, automatic
    table repair at a click of the
    mouse! http://www.sundialservices.com

  6. #6
    Join Date
    Mar 2004
    Location
    Illinois
    Posts
    2

    CF Solution

    As a simpler solution, but not as secure, CF does have Encrypt() and Decrypt() functions that use symmetric encryption. Although you can provide the key.

    Simpler.. but I'd go with an asymmetric encryption approach if the material is pretty sensitive

    Josh

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •