Re: Encrypted bank account info
- Subject: Re: Encrypted bank account info
- From: "David A. Bandel" <..hidden..>
- Date: Fri, 5 Mar 2010 17:12:41 -0500
On Fri, Mar 5, 2010 at 16:54, Chris Travers <..hidden..> wrote:
> Hi all;
>
> I was reviewing the requirements for 1.3 from a security perspective
> and thinking we really should encrypt customer/vendor bank account
> info. If nothing else, I think this should be in a recommended add-on
> if not in the main branch.

Encrypt what? Transmission to the web browser (done if using https)?
Transmission from web server to psql database (PgSQL supports SSL, but
I hardly worry in the case where PG is on the same server as the web
server)? DB storage?

If DB storage, what do you do about transaction logging?

I hear you, but this could get ugly. Anyway, I'm more concerned if
someone breaks into my server and the resultant damage than that of
someone stealing some bank account numbers. I hope the data in the
database only allows deposits and not withdrawals. Online CC payments
should require use of the CVV and hopefully that is not stored.

>
> Anyone have any ideas as to the best way to do this?
>
> I have a few ideas but still not quite completely formed.....
>
> Best wishes,
> Chris Travers
>
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
- Nemesis Air Racing Team motto
Visit my blog at: http://www.pananix.com/cgi-bin/blosxom