Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Where to keep encryption key , DB?

Re: Where to keep encryption key , DB?

From: Niall Litchfield <n-litchfield_at_audit-commission.gov.uk>
Date: Tue, 16 Oct 2001 09:22:08 +0100
Message-ID: <3bcbee48$0$225$ed9e5944@reading.news.pipex.net> 





<pelln_at_icke-reklam.ipsec.nu.invalid> wrote in message
news:9qemfv$nqf$2_at_nyheter.crt.se...


> In comp.security.misc NetComrade <andreyNSPAM_at_bookexchange.net> wrote:

> > We are planning to store credit card #'s in our database..

>



<snip>


> The better method is : Don't try to obfuscate credit card info. MOVE IT

> to a safe server.

>

> If a machine is exposed to Internet ( or other security hazards) it's

> unwize to have any sensitive information on-line.





This raises the question of how on earth do you conduct online commerce. Is
it just impossible? If you are using an RDBMS to drive your ecommerce site
then it has to have a communications channel to the internet site, though of
course that channel should be secure etc. Maybe this is a FAQ on
comp.security.misc but it isn't on the Oracle NG.



--
Niall Litchfield
Oracle DBA
Audit Commission UK


Received on Tue Oct 16 2001 - 03:22:08 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US