On 06/05/07 08:59, Alvaro Herrera wrote:
> Ron Johnson wrote:
>> On 06/04/07 17:54, Guy Rouillier wrote:
>
>>> Many people consider two-way encryption to be insecure; two-way
>>> encryption means you can decrypt a value if you know the key, and it is
>>> insecure because you usually have to put the key into the source code.
>>> That means at least one person in your company, the programmer
>>> maintaining the source code, can learn all of your users' passwords.
>> Two-way encryption is needed for companies that store customer
>> credit cards.
>
> I thought that the advice for companies storing customer CCs was: don't.
Sometimes you "must".
An example from my industry: transponder "toll tags" and toll roads.
The customer pre-pays a certain amount based on expected usage,
and every time he drives thru a plaza, his balance decreases. Once
it drops to a certain threshold, more money needs to be added to the
account.
If he is a CASH/CHEK customer, a light at the lane flashes yellow
and (depending on the Agency) a message pops up saying, "Balance
low", so he drives over to the customer service center, stands in
line and pays his cash.
If he is a CC customer, the system (which I am DBA of) bills his
card directly, saving the customer much time and effort.
--
Ron Johnson, Jr.
Jefferson LA USA
Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!