Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Where to keep encryption key , DB?
<pelln_at_icke-reklam.ipsec.nu.invalid> wrote in message
news:9qemfv$nqf$2_at_nyheter.crt.se...
> In comp.security.misc NetComrade <andreyNSPAM_at_bookexchange.net> wrote:
> > We are planning to store credit card #'s in our database..
>
<snip>
> The better method is : Don't try to obfuscate credit card info. MOVE IT
> to a safe server.
>
> If a machine is exposed to Internet ( or other security hazards) it's
> unwize to have any sensitive information on-line.
This raises the question of how on earth do you conduct online commerce. Is it just impossible? If you are using an RDBMS to drive your ecommerce site then it has to have a communications channel to the internet site, though of course that channel should be secure etc. Maybe this is a FAQ on comp.security.misc but it isn't on the Oracle NG.
-- Niall Litchfield Oracle DBA Audit Commission UKReceived on Tue Oct 16 2001 - 03:22:08 CDT