Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

Advice On Data Security

T-Square

By T-Square
in Security Concepts

 Share

This topic is 6819 days old. Please don't post here. Open a new topic instead.

Recommended Posts

T-Square Experienced

T-Square

Posted
Posted

I have an app where my users offer ongoing subscriptions to their clients. My users are looking to add automatic credit/debit card transactions to their payment options.

Because the subscriptions are ongoing, my users will need to store the credit card information locally, so they can trigger monthly payment transactions. However, I am naturally concerned with maintaining the security of this info.

The main database has never had much in the way of security, since the user base is small farmers. I want to maintain the openness of the main system while still keeping the card info secure.

I am working on having a separate, passworded database file to contain just the credit card info. The account and password will be different from anything else in the system, so my users will have to enter the password to open the file. Scripts will be used to enter data into this file and to retrieve the info when a transaction is run. After each transaction, the credit card file will be closed. Each attempt to open the file will trigger the password request, which is how I want it to be.

Am I on the right track, or is there a better way to handle this?

Thanks,

David

Wim Decorte Grand Master

Wim Decorte

Posted
Posted

How about an encryption plugin? This way you could keep the CC info encrypted and only decrypt on the fly as needed. As long as you're careful on how you create your key (and where) even someone got their hands on the CC file it would be meaningless garbage.

T-Square Experienced

T-Square

Posted
  • Author
Posted

I'll preface my reply with a disclaimer: I have never been a fan of plug-ins, and always have looked for ways to solve my database scenarios without them. The cheap side of me thinks, "I bought the software! Shouldn't it just do everything?" I recognize the chauvinism in that, but there it is. Now...

Wim, I guess I'd have to ask what I'd get from encrypting a file if FM already offers Accounts and Privileges. If the file is passworded, isn't it locked down? Or is there a way to read the data even if the password is unknown?

David

Wim Decorte Grand Master

Wim Decorte

Posted
Posted

There are cheap pw crackers out there, once they have the password, your data is theirs. With an encryption plugin they'll see gibberish instead of the data.

  • 2 weeks later...
Thanh Apprentice

Thanh

Posted
Posted (edited)

Any sugesstion for a good encryption plugin? I have heard of BlowFish, has anyone had any experience with them?

Edited by Guest

This topic is 6819 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept