MySQL Forums
Forum List  »  Security

Re: using mySQL to store credit card info
Posted by: Thomas Butler
Date: October 04, 2006 09:11AM

"2. Encryption_password can be stored encrypted by user password for any user who need it. When user logon, Encryption_password is decrypted by user-logon-password and stored into the RAM. Encryption_password when stored into the memory can be additionally encrypted by session_password for current session"

This is a good approach when you want to have each user to have access to their sensitive data using their own encryption key.

In our case, we need to have a single encryption key that is used within the front-end Java application to encrypt Social Security #'s (SSN) being stored in the database. At a later date, we need to be able to decrypt all of the SSN's for tax purposes.

I have searched the forum and not yet found a good answer for how to protect the encryption key in the front-end Java application. For example, our Java front-end web app will contain the query to encrypt the data the user has inputted in the web form. How can we protect the encryption key in the Java code?

Options: ReplyQuote


Subject
Views
Written By
Posted
27612
February 03, 2005 03:44PM
7412
November 21, 2005 11:09PM
6887
November 29, 2005 05:51PM
Re: using mySQL to store credit card info
9128
October 04, 2006 09:11AM
5239
February 16, 2009 07:37PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.