Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: storing credit card numbers in a database

Re: storing credit card numbers in a database

From: Jeff Herrick <jherrick_at_igs.net>
Date: Fri, 21 Feb 2003 11:59:46 -0800
Message-ID: <F001.00555222.20030221115946@fatcity.com> 






Look into the DBMS_OBFUSCAITON package. I used it to encrypt
passwords for a system management app and it works well. The
only problem is that you need an encryption key for the
programs to use. If anybody knows how to read the ALL_SOURCE
view they will be able to find your key and decrypt the data.
You can use the 'wrap' utility to try to hide it and then protect
the un-wrapped source code up the ying-yang but if you use a
text variable like I was crazy enough to to, the damn literal
gets put into the wrapped source. You can use an expression
of some sort but it's going to have to generate the key reliably
each time and then what happens if it doesn't some day
and all of your data becomes unreadable??? the literal
starts looking better....but you have to hide it well and
protect it from being compromised.



Not to toally turn you off of the package....but I was coming
at it from the angle that I was trying to protect the information
from somebody like me  =8-)



HTH


Jeff Herrick



On Fri, 21 Feb 2003, Chris Stephens wrote:



>

> I've been asked to find out a way to encrypt credit card numbers and store

> that encrypted string in the database.  ...any oracle functions or

> functionality to do this? ....or would we have to encrypt the numbers in the

> application and then pass that string to the database?

>

> We don't want anyone to be able to get to the numbers even if they have

> access to the table in which it is stored.

>

> Thanks for any input

> chris

>



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Jeff Herrick
  INET: jherrick_at_igs.net

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Fri Feb 21 2003 - 13:59:46 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US