By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,501 Members | 2,797 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,501 IT Pros & Developers. It's quick & easy.

q; Keeping Credit Card in the database

P: n/a
Keeping Credit Card in the database:
If I am going to keep credit card information in the database, what process
and procedure I need to pay attention so that I would not be in trouble
because of security in web application, database, and in the building that
the server is in. Any guidelines?

Jul 11 '07 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Hello JIM.H.,

Use SSL to have the postback encryption, encript session state and DB content

---
WBR, Michael Nemtsev [.NET/C# MVP].
My blog: http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo

JKeeping Credit Card in the database:
JIf I am going to keep credit card information in the database, what
Jprocess
Jand procedure I need to pay attention so that I would not be in
Jtrouble
Jbecause of security in web application, database, and in the building
Jthat
Jthe server is in. Any guidelines?
Jul 11 '07 #2

P: n/a
Some of this will depend on the applicable data laws in your country. For
example the UK data protection act states how long you're allowed/required
to keep data for and that sort of thing.

All transactions should be done over SSL, and the credit card details should
be encrypted in the database, preferably using a key with salt.

Regards,

Tim.
Jul 11 '07 #3

P: n/a
"Tim Payne" <ti*@branded3.comwrote in message
news:OB**************@TK2MSFTNGP04.phx.gbl...
Some of this will depend on the applicable data laws in your country. For
example the UK data protection act states how long you're allowed/required
to keep data for and that sort of thing.
Very true. In addition, you need to be registered with the Information
Commissioner's Office before you can store certain types of data, especially
personal and financial data like this...
All transactions should be done over SSL, and the credit card details
should be encrypted in the database, preferably using a key with salt.
Yes, definitely.
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Jul 11 '07 #4

P: n/a
On Wed, 11 Jul 2007 06:04:06 -0700, JIM.H.
<JI**@discussions.microsoft.comwrote:
>Keeping Credit Card in the database:
If I am going to keep credit card information in the database, what process
and procedure I need to pay attention so that I would not be in trouble
because of security in web application, database, and in the building that
the server is in. Any guidelines?
You also need to look at database level encryption

--
http://bytes.thinkersroom.com
Jul 11 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.