RE: using userPassword attribute
> > Do you have any idea on "storing encrypted creditcard numbers in
> >LDAP and retrieving them" ???
>
> Most crypto worth anything is one-way, like a password hash. So there is
> no 'getting them back'. I'd recommend storing things like cc numbers in
> the clear and defining an ACL that only allows clients using some level of
> encryption to retrieve the values (see the ssf directive).
Never store CC numbers in the clear.. At least use something
like pgp to keep out the curious. I suggest a multi level
approach. Store the last 4 digits of a credit card as
text in ldap so a person using a web site can identify the
credit card they saved in your system. The real credit card
number should be pgp encrypted with at least 2048 bit key
and then stored in ldap. You would store the private
key safely on a separate highly hardened and protected system which
has the capability of processing the credit card transactions.
Thanks.. Mike
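
The layered storage described in the reply above, as an added example that is not part of the original message: the last four digits go into the directory as text, the full number is encrypted to a 2048-bit public key, and only the processing host can decrypt. Assumptions: openssl RSA-OAEP stands in for PGP, the DN and the `cardLastFour` / `cardCiphertext` attribute names are hypothetical, and the card number is a constructed test value.

```sh
# Added example (not from the original post). openssl RSA-OAEP stands in for PGP;
# the DN and the cardLastFour / cardCiphertext attribute names are hypothetical.

# Processing host: generate the 2048-bit key pair; only the public half leaves.
make_keypair() {    # $1 = private key file, $2 = public key file
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2"
}

# Web tier: the clear-text hint the customer sees.
last4() { printf '%s' "$1" | tail -c 4; }

# Web tier: holds the public key only, so it can encrypt but not decrypt.
encrypt_pan() {     # $1 = public key file, $2 = card number; prints base64
    printf '%s' "$2" |
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 |
    openssl base64 -A
}

# Web tier: LDIF change record; "::" marks a base64-encoded value (RFC 2849).
card_ldif() {       # $1 = public key file, $2 = card number, $3 = entry DN
    printf 'dn: %s\nchangetype: modify\n' "$3"
    printf 'replace: cardLastFour\ncardLastFour: %s\n-\n' "$(last4 "$2")"
    printf 'replace: cardCiphertext\ncardCiphertext:: %s\n-\n' "$(encrypt_pan "$1" "$2")"
}

# Processing host: the only place the private key exists.
decrypt_pan() {     # $1 = private key file, $2 = base64 ciphertext
    printf '%s\n' "$2" | openssl base64 -d -A |
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
}

# Demo with a constructed test card number.
demo_dir=$(mktemp -d)
make_keypair "$demo_dir/priv.pem" "$demo_dir/pub.pem"
card_ldif "$demo_dir/pub.pem" 4111111111111111 'uid=demo,ou=people,dc=example,dc=com'
rm -rf "$demo_dir"
```

Because OAEP padding is randomized, encrypting the same card number twice gives different ciphertexts, so the stored value cannot be matched against a list of pre-encrypted numbers.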