Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: storing credit card numbers in a database

RE: storing credit card numbers in a database

From: Nick Wagner <Nick.Wagner_at_quest.com>
Date: Fri, 21 Feb 2003 13:28:04 -0800
Message-ID: <F001.00555589.20030221132804@fatcity.com> 





it would be safer to encrypt the credit card number at the application
level, and insert that string into the database, because anyone with a
decent sniffer would be able to pick it out of the SQL*Net code. Whether or
not they even have access to the database. 
 


-----Original Message-----



Sent: Friday, February 21, 2003 12:40 PM
To: Multiple recipients of list ORACLE-L




Besides the DBMS_OBFUSCATION_TOOLKIT, Application Security Inc also has a
product to encrypt data in the database.  Check out their web site
www.appsecinc.com.



-----Original Message-----



[mailto:Mohammed.Ahsanuddin_at_VerizonWireless.com]
Sent: Friday, February 21, 2003 3:25 PM


To: Multiple recipients of list ORACLE-L




We have been looking at a similar requirement..so far it seems if you want
to use oracle's encryption (DBMS_OBFUSCATION_TOOLKIT)  tool kit encryption
has to be done in code and passed to the database and vice versa.
 


There is a product called secure.data for oracle database from protegrity
which claims to be application transparent..I have not worked with that but
it is an option.
 



Thanks 


Mohammed Ahsanuddin 


Oracle DBA 


-----Original Message-----



Sent: Friday, February 21, 2003 2:06 PM


To: Multiple recipients of list ORACLE-L






I've been asked to find out a way to encrypt credit card numbers and store
that encrypted string in the database.  ...any oracle functions or
functionality to do this? ....or would we have to encrypt the numbers in the
application and then pass that string to the database?



We don't want anyone to be able to get to the numbers even if they have
access to the table in which it is stored. 



Thanks for any input 


chris 



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Nick Wagner
  INET: Nick.Wagner_at_quest.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services


---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Fri Feb 21 2003 - 15:28:04 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US