Jump to content
View in the app

A better way to browse. Learn more.
FMForums.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Advice On Data Security

T-Square
in Security Concepts

Featured Replies

I have an app where my users offer ongoing subscriptions to their clients. My users are looking to add automatic credit/debit card transactions to their payment options.

Because the subscriptions are ongoing, my users will need to store the credit card information locally, so they can trigger monthly payment transactions. However, I am naturally concerned with maintaining the security of this info.

The main database has never had much in the way of security, since the user base is small farmers. I want to maintain the openness of the main system while still keeping the card info secure.

I am working on having a separate, passworded database file to contain just the credit card info. The account and password will be different from anything else in the system, so my users will have to enter the password to open the file. Scripts will be used to enter data into this file and to retrieve the info when a transaction is run. After each transaction, the credit card file will be closed. Each attempt to open the file will trigger the password request, which is how I want it to be.

Am I on the right track, or is there a better way to handle this?

Thanks,

David

How about an encryption plugin? This way you could keep the CC info encrypted and only decrypt on the fly as needed. As long as you're careful on how you create your key (and where) even someone got their hands on the CC file it would be meaningless garbage.

  • Author

I'll preface my reply with a disclaimer: I have never been a fan of plug-ins, and always have looked for ways to solve my database scenarios without them. The cheap side of me thinks, "I bought the software! Shouldn't it just do everything?" I recognize the chauvinism in that, but there it is. Now...

Wim, I guess I'd have to ask what I'd get from encrypting a file if FM already offers Accounts and Privileges. If the file is passworded, isn't it locked down? Or is there a way to read the data even if the password is unknown?

David

There are cheap pw crackers out there, once they have the password, your data is theirs. With an encryption plugin they'll see gibberish instead of the data.

  • 2 weeks later...

Any sugesstion for a good encryption plugin? I have heard of BlowFish, has anyone had any experience with them?

Edited by Guest

Create an account or sign in to comment

https://fmforums.com/topic/41413-advice-on-data-security/
Go to topic listing

Important Information

By using this site, you agree to our Terms of Use.

I accept

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.